Probably not the correct place to ask this, but I'm sure it's something which would affect a lot of Rails deployments....
Should you make the 'database.yml' file readable only to the app process (e.g. mongrel) - as it contains the database password. Does this offer any security?
~ Mark
