I noticed that some S3 backup folders and the my.cnf file also appear in the file manager on the website. I think such folders and files should be hidden, and visibility should be limited to only public_html. Is that possible?
Absolutely not. Any file that is visible via SSH should be visible in manager. There is nothing more useless than a file manager that refuses to show hidden files and makes you go into SSH just to edit a single file. As long as said my.conf file can't be accessed by the public its not a security issue.
