I believe this
"Above all make sure that the file is not readable from the web! The easiest way to do that is probably to place it somewhere below the webroot."
Should be "above the webroot" or "outside of the webroot".
I will try to make a patch later, just very busy this minute.