+- config.php. Some options in conf.pl / config.php allow for passwords to
+ be set in that file, e.g. the addressbook/preferences DSN, and LDAP
+ addressbooks. When setting a sensitive password, check that config.php
+ is not readable for untrusted system users, and consider the possibility
+ of it being read by other users of the same webserver.
+