Somebody please correct me if I'm wrong, but I'm seeing a serious difference between how NGINX is configured for PHP relative to Lighty or Apache. I'm new to NGINX, but attempting to disect each line of a recommended config file, so bare with me.
On Lighty or Apache, php is configured on a more global basis. That is, php files should always be parsed/interpreted. A client will never see raw PHP for any normal situation.
With NGINX, I'm seeing a lot of config files that suggest handling php with a single location directive (~ \.php$), neglecting the fact that other location directives (with no fastcgi_pass declared) may also refer to site locations with php files. With the lack of fastcgi_pass in these other location directives, raw php can be served to the client. Serving raw PHP to clients seems pretty dangerous no?
Is there something very fundemental I'm missing here that would prevent NGINX from serving raw PHP code, regardless of how individual location directives are configured? Or is this really just the way it works?