Oh, I see. Well I was a bit worried that the password is displayed in plain text.. what if apache/nginx is misconfigured and instead of serving the file (Settings.php), it's downloaded..?
It actually doesn't matter. At some point the file has to be accessible to PHP to send to MySQL. If it's misconfigured, it's misconfigured and you're stuffed anyway.
Though if it is served, for whatever reason, that password is no more vulnerable than it would be before, IMO.
Also, letting admins move that file around the server (for example in /var/www/something/.. or /home/user/...).. it's more likely to be protected there (it's more difficult to mess with permissions)!
So you're going to make a settings file to record where you're putting the settings file? I'll let you do that while making a settings file to record the location of that settings file.
It would be useful for adding on more php features to a community without having to make a bridge.
Um, no? It's... nothing whatever to do with this? This is about securing the set up you have and protecting the password that is used from the PHP to talk to the database, not a password the user uses to access the site.
In all honesty it would be better to integrate features rather than relying on the absolutely more primitive method of securing.
To explain: HTTP Basic not only sends the password in plain text, it sends it EVERY SINGLE PAGE REQUEST. Even image requests include the password. You might as well not bother sending the password at all since quite literally any network sniffer anywhere between you and the server can access it.