I don't understant why WordPress is not scripted with built in blank or silence is golden index.php files in all the subfolders of wp-admin, wp-includes, wp-content and wp-plugins.
I just spent the last 2 days plugging up these holes.
This should be a "given". I also use zencart and php link directory and both of those php scripts automatically include blank index.html or index.php files to secure the subfolders of the script.
I would have thought that with the countless number of people who use WordPress, that the development team would have taken this into account as many people would not know or think to look for this.