The question of .phpc file security is the same as that for PHP .inc files or any other file with a suffix not normally associated with an Apache handler or MIME type: in these cases, the default handler is used to return a request for the resource as type text/plain.
Two choices:
1. Don't upload these files to a public server. Instead,
create an 'upload' target that excludes all *.phpc files
2. Configure Apache with the following .htaccess options:
This method is preferred since it is fastest: .phpc files
are parsed like .php files:
    #for PHP3
    AddType application/x-httpd-php3 .phpc
    #for PHP4
    AddType application/x-httpd-php .phpc
OR: use <Files ...> directive to give the user a
"permission denied" error when any .phpc file is
Slower than the AddType method since every requested file
must be matched against the pattern.
    <Files ~ ".phpc">
     Order allow,deny
     Deny from all