The problem with saving off the document root or in the same directory is that the system's source code is being passed around; theoretically, anyone with malicious intent who got ahold of it would be able to get at someone's config file easily, and retrieve the important information. Putting things into DOCUMENT_ROOT/../systemname.cfv puts the file above public_html, so that people cannot access it with a web browser. Which is what I need.