[FX.php List] acct & pass outside web folder?

[Joel Shapiro]

Hi all

I know some people recommend keeping FM acct & password out of the  
main php files, and outside of the Web folder.

What's the best way & location to do this?

Is it fully safe to place them into Session vars once I include that  
page the first time, or should I include that page on every page?

Can this included page consist solely of:
<?php
$acct = 'FMAccountName';
$pass = 'FMPassword';
?>
  - OR (If Session vars are safe) :
<?php
$_SESSION['acct'] = 'FMAccountName';
$_SESSION['pass'] = 'FMPassword';
?>

On a Mac, should this file be outside of the HD/Library/WebServer/  
folder, e.g. in a new HD/Library/WebSafety/ folder?

On Windows, should it be outside C:\Inetpub\wwwroot\?  Does it need  
to be outside C:\Inetpub\?

And lastly, what risks does this avoid?

TIA,
-Joel