Just to test it, you could create a link to your script on some page. Then do whatever you do to "save as" (different browsers/OS's have different methods for this). If you get the script, there's a problem. If you get the output, then you know that the server is processing the script before it will serve it.

This isn't to say that there isn't some exploit that someone will find to gain access to your script, but you can assure yourself that it's not wide open to the public.

Rich