Also... we've various other security measures implemented/enabled on our server such as
mod_user [apache module] & PHP_OpenBaseDir restriction limits users to their directory only, in short it disables the access/ability of users from reading other users' directories/files. Users can read only those files & folders whom are owned by them.
If this wasn't the case.. just imagine everyone having access anywhere... it'd have been a very dangerous exploit causing severe problems & havoc everywhere..
....>
<....