I learned this from a SANS security class: Don't expose directory listings for public folders on your Web site. You know, if you type something like "http://www.misc.com/Flounder/" and by typing the end "/" you can get the contents of the directory--including subdirectories. Not good to reveal information you don't want out, such as non-public directories.
The easiest way to combat this is to simply put an index.html in each directory that is being exposed. It can be an empty page. That way when someone does some path guessing, they are met with this blank page.
Here's a simple all-black page I used:
<html>
<head>
<title>The Void</title>
<Style type="text/css">
body {background-color: #000000}
</style>
</head>
<body>
<pre>
</pre>
<center>
<a href=http://www.joabj.com>Home
</center>
</body>
</html>