I was just looking at the directory listing in a shared web directory, and a .DS_Store file caught my eye. The default OS X httpd.conf allows these files to be served. This might be a security hole, particularly if directory listings are denied. One could inadvertently give prying eyes a glimpse of the files in the directory that one would rather not make public. To prevent this, /etc/httpd/httpd.conf should probably contain:

<Files .DS_Store>
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

Remember to restart Apache after making this change, either with the GUI tools or just by typing sudo apachectl graceful in the Terminal.
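
One way to confirm that a configuration actually contains a rule like the one above is to audit its text. The following is an added example, not part of the original hint. The function names and the HT_ONLY sample are constructed for illustration, and the check goes beyond the hint by also recognising the FilesMatch form and the Apache 2.4 "Require all denied" syntax.

```python
import fnmatch
import re

# <Files name>, <Files ~ "regex"> and <FilesMatch "regex"> sections.
SECTION = re.compile(
    r'<(Files|FilesMatch)\s+(~\s*)?"?([^">]+?)"?\s*>(.*?)</\1\s*>',
    re.IGNORECASE | re.DOTALL)
FLAGS = re.IGNORECASE | re.MULTILINE
DENY_OLD = re.compile(r'^\s*Deny\s+from\s+all\b', FLAGS)       # style used in the hint
ALLOW_OLD = re.compile(r'^\s*Allow\s+from\s+all\b', FLAGS)
DENY_ALLOW = re.compile(r'^\s*Order\s+deny\s*,\s*allow\b', FLAGS)
DENY_NEW = re.compile(r'^\s*Require\s+all\s+denied\b', FLAGS)  # Apache 2.4 style

# Rule from the hint, and a constructed rule that only covers .ht* files.
HINT_RULE = """<Files .DS_Store>
Order allow,deny
Deny from all
Satisfy All
</Files>"""
HT_ONLY = '<Files ~ "^\\.ht">\nOrder allow,deny\nDeny from all\n</Files>'


def _covers(kind, tilde, pattern, name):
    """True if the section's target (wildcard or regex) matches the file name."""
    if kind.lower() == "filesmatch" or tilde:
        return re.search(pattern, name) is not None
    return fnmatch.fnmatchcase(name, pattern)


def _denies(body):
    """True if the section body refuses every client."""
    if DENY_NEW.search(body):
        return True
    if not DENY_OLD.search(body):
        return False
    # Under "Order deny,allow" a matching Allow overrides the Deny.
    return not (DENY_ALLOW.search(body) and ALLOW_OLD.search(body))


def blocks_file(conf_text, name=".DS_Store"):
    """Check whether any active Files/FilesMatch section denies access to name."""
    active = "\n".join(line for line in conf_text.splitlines()
                       if not line.lstrip().startswith("#"))
    return any(_covers(kind, tilde, pat, name) and _denies(body)
               for kind, tilde, pat, body in SECTION.findall(active))


if __name__ == "__main__":
    print("hint rule blocks .DS_Store:", blocks_file(HINT_RULE))
    print(".ht-only rule blocks .DS_Store:", blocks_file(HT_ONLY))
```

The check reads a single configuration text only; it does not follow Include directives or .htaccess overrides, so run it on each file that contributes to the served configuration.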
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030528144052271