If you’re using SVN to control your web application, your certainly need to deny access to .svn sub-directories.

With Apache2

    <DirectoryMatch "^/.*/\.svn/">
            Order allow,deny
            Deny from all
    </DirectoryMatch>

With lighttpd

    $HTTP["url"] =~ "/\.svn/" {
        url.access-deny = ( "" )
    }