Thanks everyone for the help and also for actually showing me how the whole location thing is processed. Also, I had read the IfIsEvil post and had it on my list of things to fix but never got far enough up the priority scale to actually do. Now, thanks to you guys I do not have to worry about that anymore.
Incidentally, I haven't looked very hard but I do not see a way to do same thing I know how to do in Apache where only certain users are allowed access to certain directories. Being able to do this would simply the next step in tweaking the config file.
Thanks,
Brian