There is no good reason why a visitor should be allowed to view all files in a directory.
Deny it by default.
If you don't have control over the server, you can prevent directory browsing by putting the default document in every directory.
Usually index.html (Apache) or Default.html (IIS).
In cooperation with SecurityHome.eu