I saw that many websites based on QuickCMS have almost all the directories readable (if you know where a specific file is, you can download it - there is one exception, the database folder, which is protected with .htaccess).
» Quick.Cms v4.x
"A simple way to protect your files is to put an empty index.html file in every folder - that way, no one can see any files, because the browser will serve index.html file."
microdigital - all depends from server. For example can you read this: http://opensolution.org/Quick.Cart/demo/templates/ or http://opensolution.org/Quick.Cart/demo/files/ ? Our hosting provider have default in settings to disable view directories. I think this should be standard in all hostings.