Why placing framework folder outside public root is safer?

Well, there is definitely nothing to be gained from placing framework sources inside the web root. Since the choice of where to place the file is therefore free, it's only logical to go with the principle of least privilege : you don't need web access to these files, so you won't get it.

This is safer because if there is any misconfiguration in web server, then it is possible that script files (be it . Php, . Asp or whatever) can be spit out in plain text and potential attacker sees all your source code and defined passwords.

So the best practice is to put only index. Php file in webroot which in turn includes bootstrap script from outside webroot.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.