Sunshine recently sent a question through regarding FaltPress security.
First follow the configuration steps in the FlatPress Wiki to setup appropriate folder and file permissions. Permissions on an existing installation can be reset from the "Maintain" section in the Administration area.
After access permissions have been set it is still possible to browse the FlatPress folders on your webserver. Although it could be argued this is not a security hole, it pays to be safe.
To prevent the FlatPress files and folders being browsable it is necessary to modify the .htaccess file in the root of your FlatPress installation. The following entries are one possible solution:
# prevent folder listing IndexIgnore * <Files 403.shtml> order allow,deny allow from all </Files>
Further solutions are available from The Ultimate Htaccess Guide