I'm thinking of using the Google Maps Javascript API and they recommend securing the key in files outside the application's source tree, which got my wondering.
If I have files stored in folders on my web server; eg. I have the html (or php) files stored in the public_html folder, and I have some JS files stored in a separate folder, though technically within the public folder, can those JS files be accessed through a web browser?
The example I'm thinking of is when you use the developer tools to access the CSS files of a web app, is it possible to keep info from being seen by public eyes if it's stored in the public folder, even if it's stored in a separate directory, or should these files be stored outside the public directory?