Hello: I recently made a flash application that dynamically loads photos from an XML that is actually created from a PHP page which pulls its information from a MySql database.
Everyone uses that exact same script to connect to there DB with PHP. And it sounds like you have a good secure host you shouldn’t worry. The only way for them to get your .php file is though a lot of work and your little DB is not interest to them lol.
PHP is open source as in the code for PHP is available to be viewed/changed/etc. by anyone who downloads it. Want the source code? Go here: http://us2.php.net/downloads.php
The PHP code you use to display your site is not considered open source unless you’re allowing people access to view it. In otherwords your php file with your username, host, password, etc. for your MySQL database connection isn’t something that someone can just look at and get. If it were that easy you’d have seen a ton of various methods to make sure getting that information was not possible. And you probably would see putting that info into a php file on the PHP website.