RobIn Deo speramus.Premium
Anytime you store any critical information online carries some risk.
For the most part, storing a username and password within a php file, as long as that information isn't outputted to the browser, is to a degree, safe.
If they try to access the index.php file from their browser, the server will output the rendered coding, so they won't see the username or password.
However, if this is a shared server, then in theory, someone with access to the server could navigate to the folder that the file is located in, and view the contents of the file.
So to answer your question: For the most part, it is safe and it's a common way of hard coding usernames/passwords (although someone will reply to me and give me a 3 page explanation why storing the information in a DB, with encryption, should be the only solution, tada tada tada )
CheckSite.us | YourIP.us | Reverseip.us