if the file with that information is above your web-root then it's as you note, no more or less secure then a config file with your mysql user and password in it.
If you only have one user or so and dont want to use a datbase you could also use HTTP authentication with .htaccess .htpasswd etc.
MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)