What is the best practice for storing sensitive configuration values like database passwords in PHP applications?