fix: improve wording for .env file location recommendation

Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
Co-authored-by: Michal Sniatala <[email protected]>
Co-authored-by: ddevsr <[email protected]>

Author: 4 people

app/Config/Paths.php

@@ -81,8 +81,10 @@ class Paths
      * ENVIRONMENT DIRECTORY NAME
      * ---------------------------------------------------------------
      *
-     * This variable must contain the name of the directory for
-     * environment files.
+     * This variable must contain the name of the directory where
+     * the .env file is located.
+     * Please consider security implications when changing this
+     * value - the directory should not be publicly accessible.
      */
     public string $envDirectory = __DIR__ . '/../../';
 }

user_guide_src/source/general/managing_apps.rst

@@ -110,10 +110,9 @@ pointed to the ``public/`` directory, as recommended.
 
 In practice, however, some applications are served from a subdirectory (e.g., ``http://example.com/myapp``)
 rather than from the main domain. In such cases, placing the ``.env`` file within the ``ROOTPATH`` may expose
-sensitive configuration if ``.htaccess`` or other protections are misconfigured.
+sensitive configuration data if ``.htaccess`` or other protections are misconfigured.
 
-To avoid this risk in such setups, it is recommended to ensure the ``.env`` file is located outside any
-web-accessible directories.
+To avoid this risk in such setups, it is recommended that you ensure the ``.env`` file is located outside any web-accessible directories.
 
 .. warning::