Just need some opinion here please! :)

Hi guys,
I am a new member to wordpress that just transferred from moveabletype because wordpress is way more flexible and easy to use, very efficient. I have one question however. As instructed by the documentation, I installed the latest verson of WP v 2.1 to my root directory where all the files are set to numeric attribute 644 through my FTP software. Are they any security risks by installing WP to my root directory? say for example a possibility of people trying to pull up http://www.example.com/wp-config.php or some other file through URL navigation and viewing private info like usernames and passwords?

If there is such an issue, would you guys recommend installing wp to a sub-directory in my cgi bin or something?

Thanks for taking the time to answer these questions folks! 🙂