Secure Open Directories

Friday, March 27th, 2009

By default, many ISP-hosted Apache web server accounts leave directory indexing enabled (Options Indexes), so when a visitor navigates to a folder that has no default index page (index.html, index.php), Apache generates a listing of everything in it. Why is this bad? For starters, it hands an attacker a quick and dirty way to map your install directory structure and enumerate server, module and plugin versions: the listing names every file and subfolder, readme and changelog files give away plugin versions, and when ServerSignature is on the page footer prints the Apache version and OS as well. Script Kiddie 101 stuff.

A quick and easy way to stop casual file browsing is a one-line addition to the .htaccess file in your web root:

# prevent directory browsing
Options -Indexes

Because .htaccess directives inherit downward, this one line in the web root covers every subfolder automatically (unless a deeper .htaccess turns indexing back on). Once it is in place, a request for a folder with no index page returns 403 Forbidden instead of a listing. Two caveats: the host's main configuration must allow Options to be overridden (AllowOverride Options or All), otherwise Apache answers every request with a 500 error until the line is removed; and this only hides the listing, not the files, so anything whose name an attacker already knows is still fetchable. Highly recommended for WordPress installs given the sheer volume of directory and file information exposed by a typical install (the uploads folder and wp-includes/, for instance, are browsable whenever indexing is on).
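The following script is an added example, not part of the original post or of WordPress or Apache: it probes a handful of directories that typically lack an index page and reports whether each still serves an Apache autoindex listing or now returns 403, so you can confirm the .htaccess change took effect. The directory list, the example.com host and the sample autoindex page are assumptions constructed for illustration; the detection relies on the "Index of /" title and "Parent Directory" link that mod_autoindex emits, and the sample also shows the version disclosure mentioned above.

```python
"""Check whether directory listings are still enabled after adding Options -Indexes.

Added example (not from the original post). Probes directories that commonly
have no index page and classifies each response as a live autoindex listing,
a 403 (indexing disabled), or something else.
"""
from __future__ import annotations

import re
import sys
import urllib.error
import urllib.request

# Directories worth probing on a WordPress install. This list is an assumption
# for illustration; extend it with whatever your layout exposes.
WP_LISTABLE_DIRS = (
    "wp-content/",
    "wp-content/plugins/",
    "wp-content/themes/",
    "wp-content/uploads/",
    "wp-includes/",
)

# Constructed sample of a mod_autoindex page (not captured from a real host).
# Note the footer: with ServerSignature on, the Apache version and OS leak too.
SAMPLE_AUTOINDEX = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<ul><li><a href="/wp-content/"> Parent Directory</a></li>
<li><a href="akismet/"> akismet/</a></li>
<li><a href="hello.php"> hello.php</a></li></ul>
<address>Apache/2.2.11 (Unix) Server at example.com Port 80</address>
</body></html>
"""

# mod_autoindex pages carry an "Index of /path" title and a "Parent Directory"
# link; either is a strong sign that a listing was served.
_AUTOINDEX_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
_PARENT_RE = re.compile(r"Parent Directory", re.IGNORECASE)
# The optional <address> footer reads "Apache/x.y (OS) Server at host Port n".
_ADDRESS_RE = re.compile(r"<address>\s*(.*?)\s+Server at ", re.IGNORECASE)


def classify_response(status: int, body: str) -> str:
    """Classify a directory request as 'listing', 'forbidden' or 'other'.

    'listing'   - 200 with an autoindex-shaped body: Options Indexes is on
    'forbidden' - 403, which Apache returns for an index-less directory once
                  Options -Indexes is in effect
    'other'     - anything else (a real index page, 404, custom error page...)
    """
    if status == 403:
        return "forbidden"
    if status == 200 and (_AUTOINDEX_RE.search(body) or _PARENT_RE.search(body)):
        return "listing"
    return "other"


def disclosed_server(body: str) -> str | None:
    """Return the server banner leaked in the autoindex footer, if any."""
    match = _ADDRESS_RE.search(body)
    return match.group(1) if match else None


def fetch(url: str, timeout: float = 5.0) -> tuple[int, str]:
    """GET url and return (status, body). HTTP error statuses are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "indexes-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def audit(base_url: str, dirs=WP_LISTABLE_DIRS, fetcher=fetch) -> dict[str, str]:
    """Probe each directory under base_url; returns {path: classification}.

    fetcher is injectable so the logic can be exercised offline.
    """
    base = base_url.rstrip("/") + "/"
    return {d: classify_response(*fetcher(base + d)) for d in dirs}


if __name__ == "__main__":
    site = sys.argv[1] if len(sys.argv) > 1 else "http://example.com"
    for path, verdict in audit(site).items():
        print(f"{verdict:9s} {site.rstrip('/')}/{path}")
```

Run it as `python3 check_indexes.py http://yourblog.example/` before and after adding the directive: every probed folder should move from "listing" to "forbidden" (or "other" where a real index page exists). If everything suddenly reports 500, the host does not permit Options in .htaccess and the line has to come out.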