With regards to PHP security are .env files essential or even necessary
Briefly

Using .env files enhances security by separating sensitive information like database credentials from code, enabling portability and ease of configuration management.
.env files store sensitive variables outside the document root, ensuring they are accessible by PHP but not exposed to the web server, thus enhancing security.
While .ini files support grouped settings, .env files provide flexibility by allowing runtime variable overriding via command line, making them useful in dynamic environments.
To implement .env files on an Apache Linux server, place the file outside the publicly accessible directory, such as htdocs or public_html, and configure your PHP to read it.
Read at SitePoint Forums | Web Development & Design Community
[
|
]