>Good point about the file() function. Somehow, this seems so convoluted. There must be a way to protect the directory from unauthorized users copying or deleting files.
There is - but you need some rights on the production directories, and that involves some interaction with the user's IT staff, which is usually a nice thing to avoid if possible. And most often interactions with them take forever, get you in trouble, and generally make you think of the limitations of the human mind ;).
So if there's a way to solve anything without involving them, I'll take that way.