It is always better to move your web site configuration file outside of document root.
This is because if server have an error, this can happen during server upgrades, your configuration files may become view able as plain text or get downloaded instead of executing on servers, that means, your database information, API keys etc.. can become public. I had this happened few times during PHP upgrade, that caused PHP files just get downloaded instead of executing on server side. If you find problem in time, you can stop Apache to avoid this. This is why newer framework only put what is required in DocumentRoot folder.
On WHMCS installation, i moved configuration files out side of DocumentRoot and included the file
cd /home/manage.hostonnet.com/public_html mv configuration.php ..
Now create file configuration.php
With following content
<?php require '/home/manage.hostonnet.com/configuration.php';