When writing out the connect code to the database isn't it wide open for anyone to view my database username and password? Couldn't they then connect and alter my database? It just seems strange to type out my username and password and not be encrypted.
mysql_connect(localhost, user1, correcthorsebatterystaple)
PHP is executed on the server and outputs HTML to the client. So the client can never view the PHP source. So you don't have to worry about you passwords safety in those files