Security question relating to executing server-side script
I've written a Python script using Selenium to imitate a browser logging in and buying some stuff from a website. Therefore, the Python script contains log-in information along with payment information (checking account info, etc). If I configure my Apache web server to be able to execute Python scripts, so that when a client presses a button it runs my purchasing script, is there any way that the client could see the contents of the Python script (thereby gaining access to sensitive login and payment info)?
I remember reading that if an error occurs, the script would show up in plain text in the browser? Should I prevent this by using try and except blocks or is there a better method I'm not aware of?
Thanks for all your help in advance.
It is usually a good idea to put such information in an external config file which can't be served by the web server directly and read this file in your script. In case of a configuration error the client might see your source code but not the sensitive information.
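The approach from the answer above, as an added example that is not part of the original post: the script reads its credentials from an INI file outside the document root, refuses a file that is inside it or readable by other accounts, and returns only a generic message on failure. The file name, the `[purchase]` section and the function names are assumptions made for illustration.

```python
import configparser
import logging
import stat
from pathlib import Path


class UnsafeConfigError(Exception):
    """The secrets file is somewhere, or in a state, that a client or other user could reach."""


def load_secrets(config_path, document_root):
    """Read credentials from an INI file kept outside the web server's document root."""
    cfg = Path(config_path).resolve()
    root = Path(document_root).resolve()
    # A file under the document root can be served as plain text if the
    # script handler mapping is ever misconfigured.
    if cfg == root or root in cfg.parents:
        raise UnsafeConfigError(f"{cfg} is inside the document root {root}")
    mode = cfg.stat().st_mode
    # Only the owning account (the one the script runs as) should have access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeConfigError(
            f"{cfg} is accessible to group/other (mode {stat.S_IMODE(mode):o})")
    # interpolation=None so a '%' in a password is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    with open(cfg, encoding="utf-8") as fh:
        parser.read_file(fh)
    return dict(parser["purchase"])  # hypothetical section name


def run_purchase(config_path, document_root, purchase):
    """Call purchase(secrets); return (status, body) that never echoes script internals."""
    try:
        purchase(load_secrets(config_path, document_root))
        return "200 OK", "Purchase submitted."
    except Exception:
        # Details go to the server-side log only; the client sees a fixed message.
        logging.exception("purchase failed")
        return "500 Internal Server Error", "Purchase failed."
```

The permission check relies on POSIX mode bits, so it applies to a Unix-like server.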