This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices!
Permissions on files are configurable for a reason. Use them to control which files are visible to the world, and to limit what outsiders can learn about your account and installation.
- For example, disable world read permissions on the readme.html file to avoid letting outsiders see what version of WordPress you're using.
- Make sure you don't have phpinfo.php or i.php files accessible to everyone.
- DO NOT leave .sql backup files in your web directory - your usernames and passwords are saved in those files along with all your posts and comments.
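The three checks above, as an added example (not part of the original article): a POSIX sh audit that scans a web root for a world-readable readme.html, any phpinfo.php or i.php script, and any .sql dump, plus a helper that removes the world-read bit from readme.html. The function names and the web-root path are assumptions; it relies only on find and chmod.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes POSIX sh with
# find/chmod; paths under the web root are assumed to contain no spaces.

# audit_wp_dir WEBROOT
# Prints one line per exposure and returns the number of findings (0 = clean).
audit_wp_dir() {
    dir="$1"
    count=0

    # 1. readme.html readable by "other": -perm -004 matches files whose
    #    world-read bit is set, which lets anyone fetch the WordPress version.
    for f in $(find "$dir" -maxdepth 1 -type f -name readme.html -perm -004 2>/dev/null); do
        echo "WORLD-READABLE: $f (reveals WordPress version)"
        count=$((count + 1))
    done

    # 2. phpinfo.php / i.php anywhere under the web root leak PHP configuration.
    for f in $(find "$dir" -type f \( -name phpinfo.php -o -name i.php \) 2>/dev/null); do
        echo "INFO-LEAK: $f (phpinfo script reachable from the web)"
        count=$((count + 1))
    done

    # 3. Any .sql dump under the web root exposes credentials and all content.
    for f in $(find "$dir" -type f -name '*.sql' 2>/dev/null); do
        echo "DB-DUMP: $f (database backup inside the web directory)"
        count=$((count + 1))
    done

    return "$count"
}

# harden_readme WEBROOT
# Remediation for finding 1: strip the world-read bit from readme.html.
# Findings 2 and 3 are reported only; those files belong outside the web root.
harden_readme() {
    [ -f "$1/readme.html" ] && chmod o-r "$1/readme.html"
    return 0
}

# Usage: audit_wp_dir /var/www/html; echo "findings: $?"
```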