that's cool, but i use this code right here:
<?if(!defined('IN_SCRIPT')){header('HTTP/1.0 404 not found');exit;}?>
adding a 404 header will not give the user any clue that the include-file even exists !!!
i also protect the whole include-directory with a .htaccess file that says: "Deny from all"
so i guess that's pretty secure