Sensitive Data in Globally Readable File Vulnerability

On shared hosts or compromised systems, private information such as database passwords and other sensitive data may be readable by another user on the system.

Exploits

Web servers commonly run as a single “user” on a system. This one “user” process (the web server) usually has access to any globally readable file on the file system. It’s trivial to craft PHP (or any other server-side language) to read arbitrary files on the file system. Coupled with the fact that most shared hosting user configurations are identical, any user who knows how his own account or file-system space is laid out is likely to know any other user’s general layout too, and thus may know exactly where to read sensitive information.
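
An audit a defender can run for this exposure, as an added example that is not part of the original page: it walks a directory tree and reports credential-looking files that the "other" permission class can read, pruning directories that "other" cannot traverse. The name hints, the sample accounts and the function names are assumptions, and only classic mode bits are checked (no ACLs).

```python
import os
import stat
import tempfile

# Assumption: name fragments that often mark credential-bearing files.
SENSITIVE_HINTS = ("config", "settings", ".env", "credentials")

# Constructed sample: (relative path, mode of the account's home dir, file mode)
SAMPLE = [
    ("alice/public_html/config.php", 0o755, 0o644),    # exposed
    ("alice/public_html/index.php", 0o755, 0o644),     # readable, not sensitive by name
    ("bob/public_html/config.php", 0o755, 0o640),      # no read bit for "other"
    ("carol/public_html/settings.ini", 0o750, 0o644),  # home dir blocks "other"
]

def build_sample(root):
    """Create the constructed shared-host layout under root."""
    for rel, home_mode, file_mode in SAMPLE:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("db_password = 'constructed-sample'\n")
        os.chmod(full, file_mode)
        os.chmod(os.path.dirname(full), 0o755)
        os.chmod(os.path.join(root, rel.split("/")[0]), home_mode)
    os.chmod(root, 0o755)  # mkdtemp creates 0700; open it like a shared /home

def find_world_readable(root, hints=SENSITIVE_HINTS):
    """Return (path, mode) for sensitive-looking files that "other" can read."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # "other" cannot traverse: nothing below is reachable
            continue
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_IROTH and any(h in name.lower() for h in hints):
                findings.append((os.path.relpath(full, root), stat.filemode(st.st_mode)))
    return sorted(findings)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for path, mode in find_world_readable(root):
            print(mode, path)
```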

Remedy

Additional Information