Why do you think it is a good idea??? vmfiles folder safepath

[Yoreck]

Putting vmfiles folder outside document root is really bad idea.
Why don't you just put proper htaccess file in it and check that the folder is not readable via http??? It can be done totally automatic.

Forgive me, but why do you think that parent folder is more safe? I might be safer SOMETIMES, however it might be LESS SAFE. For example - if you have public folder on you corporate server, and you server document root is subfolder with restricted permissons. Weird? A bit, but I've seen such a situation about 5 times in my life.

Well this is simple. If you have a system, of any kind, you should keep it isolated. This is the basics of it security, isn't it? It is!
So web site should never ever be allowed to do anything outside document root. This is THE RULE. No matter how secure you code is. Code always appear to be secure to programmers.

Can you please remove this feature?