Btw, there are some measures to protect PHP code too. On our servers, for example, when PHP/CGI scripts are about to be launched, an RBL check is done against the client's IP. I plan to add some PHP script analysis as another check.