>The config.php file should not be readable by an anonymous user, that is a security risk.

Yes usually unauthorized people having access to your server results in various security risks.