Quick ... maybe a stupid question.
When allow_url_include is disabled, does it prevent other remote users from deleting files, including files on my site, or does it say that I am not allowed to remotely include files from other sites?
Settings php.ini only affects your PHP installation
As the php manual says: http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include is intended to include deleted files only if you allow the directory to reach the source, others may include your php files.
allow_url_include - off , PHP .
allow_url_include
off
, , , , - PHP , ( !) .
PHP , .
PHP HTTP- HTTP-.