If a file in Moodle has any php code in it at all it should not have a .html extension. This has proved unsettling for security conscious users. For example, go to
and you get a screen full of code. This is perceived as a possible security issue even if it actually isn't. It would be better if code could not be readily viewed through the web interface.