It has always been traditional to delete installation folders once a web application has been installed successfully. Well, for me at least. Leaving them in place (especially with directory listing turned on) is just suicide – the possibilities are endless:
- Reset of admin account password
- Flushing of database
- Generation of publicly-accessible database dump
- Etc.
And that’s exactly what will happen to you if you think that you’re safe:

[Screenshot: YourOwnBux installation screen at an undisclosed site]
(Of course, I’ve informed the site administrator about it.)
I hope he’s learnt his lesson, and that everyone else has learnt from his mistake too.
Edit: Yet another one
And again-
That aside, YourOwnBux has just suffered a full vulnerability disclosure from milw0rm. Expect more of its sites to get hacked pretty soon.
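To check your own server for the mistake described above, the following added example (not from the original post or from YourOwnBux) walks a web root, flags leftover installer directories, and reports whether Apache directory listing applies to each. The directory names in `INSTALLER_DIR_NAMES`, the `.htaccess`-only lookup, and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed installer directory names; the post does not name YourOwnBux's folder.
INSTALLER_DIR_NAMES = {"install", "installer", "installation", "setup"}
# Apache "Options" lines that mention Indexes, and those that switch it on.
MENTIONS_INDEXES = re.compile(r"^\s*Options\b.*Indexes\b", re.I | re.M)
INDEXES_ON = re.compile(r"^\s*Options\b.*(?<![-\w])\+?Indexes\b", re.I | re.M)

def listing_enabled(directory, webroot):
    """Nearest .htaccess (walking up to webroot) that mentions Indexes decides."""
    current, root = os.path.abspath(directory), os.path.abspath(webroot)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if MENTIONS_INDEXES.search(text):
                return bool(INDEXES_ON.search(text))
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return False  # assumption: the server-wide default has listing off
        current = parent

def find_installer_leftovers(webroot):
    """Return sorted (relative_path, listing_enabled) for each installer directory."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        for name in dirnames:
            if name.lower() in INSTALLER_DIR_NAMES:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot)
                findings.append((rel, listing_enabled(full, webroot)))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree for the demo; not taken from any real site."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for d in ("app/install", "shop/setup", "shop/images"):
        os.makedirs(os.path.join(root, *d.split("/")))
    for app, directive in (("app", "Options +Indexes"), ("shop", "Options -Indexes")):
        with open(os.path.join(root, app, ".htaccess"), "w") as fh:
            fh.write(directive + "\n")
    return root

if __name__ == "__main__":
    for path, listed in find_installer_leftovers(build_sample_webroot()):
        state = "ON" if listed else "off"
        print(f"{path}: leftover installer directory, directory listing {state}")
```

Point `find_installer_leftovers` at your real document root after each deployment; any hit should be deleted or moved outside the web root, whether or not listing is on.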


