PHP include files should definitely be kept in a directoy that is not publicly viewable; i.e., outside of public_html. Since PHP runs on the server, and can access files on the server, allowing people to view your PHP code can pose a security risk.
You could create a directory for your PHP include files at the same level as public_html. For example, /home/user_name/php. Then put a line like this in your .htaccess file:
>php_value include_path .:/home/user_name/php
This adds the directory to PHP's include path, so you don't have to reference the file by it's absolute path. Take a look at the PHP Manual for more information.