Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.
One of the tricks I like to employ when working on a script that will be called from an outside source of some kind, is to hide a password somewhere in the posted information.
For example, lets say you have a report that you'd like to get nightly. You have your web browser configured to connect every night at 1am and grab the report for the day's activities. But, this information is sensitive, and you don't want just anyone being able to see the report. Since it's an automated task, you don't want to require a challenge/response. Or, what if you are writing an interface to a different system, and need to be able to communicate between systems without leaving the door "wide open" for anyone who could 'accidentally' find the URL?
In a case like this, one way to add a little bit of security is to pass a hidden password or passcode, just to ensure the authenticity of the client side of the connection.
