THANK YOU, that was EXCACTLY what I was saying, you nailed it on the head. I see some karma points for you... :)
Originally posted by Karl
I think what he is getting at is that if you run the CGI version of PHP and it fails to parse the PHP then you would be able to see the actual PHP code and if you included a password file e.g. Your database log on details, in your page they would be able to see where it was stored and if the file was under the web accessible folder they would be able to read it - Which is why like freddy mentioned it is a good idea to keep password files outside web accessible folders for security reasons.
As far as I know if you run the module versino of Apache it will not fail to process the PHP in the same way, because if it fails to process the PHP then there is a good chance that the error would have caused Apache to stop serving the pages as well.