68thorby68 4 Junior Poster in Training

I've just started using the PayPal classic API for a simple payment solution. The API obviously requires my paypal account credentials so visitors to the site can make payments into my account. My account credentails (username, password, signature key) are stored on the server in a simple configuration file. What steps should I take to protect the configuration file from being hacked or stolen?

Rightly on wrongly, I'm assuming the account credentials are protected in the API by using a secure (SSL) connection to the paypal server?

Many thanks.