More generally, your top-level scripts getting dumped to the browser should not be a security issue to begin with. If one is concerned that access to source makes something insecure, then they have no business using an open-source web server (like apache!). I mean, anyone can just go grab all the source code! The sky is surely falling! -Tim