3
As MithyT2 wrote, only those folders should be writable by the web server. Also, mainfile.php should be writable only
during the installation procedure. After the installation is complete you will be prompted with a warning in the admin area, to change this file to non-writable, if we are talking about a *NIX server always