How to prevent direct url access to .thtml theme files
The theme files used by JReviews are able to process php code because they are included by php files themselves. However, they are not .php files and it is possible to access them directly by entering their location in the url. This would allow someone to see the source of the theme files. Even though this is not a security risk since the files don't have any sensitive information, if you want to prevent direct access to these files you can add the following line to your .htaccess file:
# Parse .thtml files as .php AddType application/x-httpd-php .thtml
This forces the server to parse .thtml files as .php, and blocks direct access to them.