You are responsible for securing your web server.
Here are a few items to consider:
Make sure that *.cgi files (including password and data files) are not visible to the world. The server needs to be configured so that it will not permit a browser to display the contents of *.cgi files. One way to do this is to configure your server such that *.cgi files are treated as cgi-scripts. Make sure that you cannot use a browser to open the file containing your Admin Module passwords (STUDYNApacc.cgi). For example, you should not be able to view the contents of the STUDYNAMEpacc.cgi file if you paste an address similar to the one below (using the URL specific to your study) into your browser's address bar:
If attempting to access the *.cgi file causes an error to be posted to the screen, then this lets you know that the *.cgi files are configured correctly.
The server needs to be configured so that server directory listings are not visible to the world. Make sure that if you paste the URL to your "admin" folder into your browser's address bar, you are not able to see any file names. For example (using the URL specific to your study):