To ensure that your settings.php file is only loaded from the admin interface, place this line at the top of your settings.php file (see also XXX: secure against hackers):

if (!defined("PHORUM_ADMIN")) return;