The question of .phpc file security is the same as that for PHP .inc files or any other file with a suffix not normally associated with an Apache handler or MIME type: in these cases, the default handler is used to return a request for the resource as type text/plain.
1. Don't upload these files to a public server. Instead,
create an 'upload' target that excludes all *.phpc files
2. Configure Apache with the following .htaccess options:
This method is preferred since it is fastest: .phpc files
are parsed like .php files:
AddType application/x-httpd-php3 .phpc
AddType application/x-httpd-php .phpc
OR: use <Files ...> directive to give the user a
"permission denied" error when any .phpc file is
Slower than the AddType method since every requested file
must be matched against the pattern.
<Files ~ ".phpc">
Deny from all