With that said, a new security hole has been identified with OS X and the built-in Apache Web server. Due to the way that Apache handles commands, and the HFS+ disk structure of most OS X enabled Macs, not all private files on a machine are safe. According to SecurityFocus.com;
A vulnerability exists when Apache webserver is used with Mac OS X Client.
The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apacheis filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.
The impact is that arbitrary privileged files may be disclosed to unprivileged remote users.
You can find more information by going to the SecurityFocus.com Web site, and then clicking on "Vulnerabilities," and then "Advisories." You will see the "MacOS X Client Apache File Protection Bypass Vulnerability" advisory listed, and you can get more information from there.