Making files world writable is a big security risk, especially php or perl files.
Everyone can change those worldwritable .php files (include evil php code) and execute it! You don't have to be a smart hacker to do this...
Why is it necessary to have 777 on data files anyway? That doesn't make sense. 666 should be enough.
Also why use a .php extension for files that contain no php? Use .txt instead.
You have written a nice shopping cart script, but it seems you don't pay attention to security.
you should highly customize your quick.cart. that is the only option right now. It is also same on other systems too (like Mambo, Oscommerce, etc..)
if you rename your files (or folders) and make necessary editing on the other related codes, than you can be safe (i.e. renaming "admin.php" into "iy593.php" will give you an advantage).