You don't stipulate whether you do this or not, but keep them out of (above) your document root.
Name them .php files (not .inc files, like we used to see in the past) so they get run through the parser in case you become susceptible to some directory traversal attack.
I remember using a similar system. From memory, in pseudocode the first line was something to the tune of:
if( $_SERVER['SCRIPT_NAME'] === self) die();
When I started using OOP it became a pain to start every class file off with that line, and I never suffered (touches wood) from directory traversal attacks, so dropped the idea.