I'm going to use multiple programming languages (Python, Ruby, PHP) in highload project and I'm interested if it worth to place sensitive files such as database configuration files or server controllers in the directory outside the root folder.
I read that this is recommended for pure PHP application, than how about other languages?
As a rule of thumb, anything you are not serving straight to the user shouldn't be in the root - it shouldn't need to be there, and you don't want to risk it getting served to someone by accident.
Django, for instance, recommends taking this policy. (In fact, they recommend using two completely different web servers for Django and serving content if possible).