When a visitor goes to a directory on your site, say http://www.example.com/foo, and the webserver doesn't find a file like "index.html", "index.php", etc. in "foo", it will by default generate a listing of that directory and let the visitor browse your directory tree. Personally, I think that this should be OFF by default, and only enabled if you really want people to freely browse your files. But it is easy to turn off. All you have to do is place the following line in your .htaccess file:
Options -Indexes
If you place this in the .htaccess at the root directory of your site, it will automatically apply to all directories underneath. Then, if there are directories you want people to browse, you can enable them by placing an .htaccess in the particular directory with:
Options +Indexes
If you only want to keep certain files out of the listing, you can do that with:
IndexIgnore *.php *~
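(This example blocks the listing of .php and *~ [backup] files. IndexIgnore only hides them from the generated index; the files are still served to anyone who requests them by name.)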
I was a little surprised to find that my webhost didn't set "Options -Indexes" by default, so it's a good thing to check.
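One way to run that check against your own site, as an added example that is not part of the original post: it recognizes the "Index of" page Apache generates and shows which listed entries the IndexIgnore patterns above would still leave visible. The sample HTML is constructed, the function names are hypothetical, and fnmatch is used as an approximation of Apache's pattern matching.

```python
import urllib.error
import urllib.request
from fnmatch import fnmatch
from html.parser import HTMLParser

# Constructed sample: the page mod_autoindex returns for /foo/ when Indexes
# is on and the directory has no index file.
SAMPLE_LISTING = """<html><head><title>Index of /foo</title></head><body>
<h1>Index of /foo</h1>
<pre><a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="/">Parent Directory</a>
<a href="config.php~">config.php~</a>
<a href="notes.txt">notes.txt</a>
<a href="uploads/">uploads/</a>
</pre></body></html>"""

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_autoindex(status, body):
    """True when a 200 response has the 'Index of /...' title and heading."""
    low = body.lower()
    return status == 200 and "<title>index of /" in low and "<h1>index of /" in low

def listed_entries(body):
    """Entries in the listing, without the sort links and the parent link."""
    parser = _Links()
    parser.feed(body)
    return [h for h in parser.hrefs if not h.startswith(("?", "/", "../"))]

def still_listed(entries, ignore=("*.php", "*~")):
    """Entries left after IndexIgnore-style patterns (fnmatch approximation)."""
    return [e for e in entries if not any(fnmatch(e, p) for p in ignore)]

def check_url(url):
    """Fetch a directory URL on your own site; return (exposed, entries)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError:  # e.g. 403 once Options -Indexes applies
        return False, []
    return (True, listed_entries(body)) if is_autoindex(status, body) else (False, [])
```

Call check_url on a directory of your site that has no index file; after "Options -Indexes" takes effect it should report the directory as not exposed.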
