To include active content, like scripts and executables, in the web server document directories is sometimes considered an insecure practice.