Configuration files with sensitive information are accessible from the outside.

So you’re migrating your Magento installation to another domain and you’re not wanting to wait for your domain name to transfer or for DNS to sync you get this warning in the Magento admin panel: “As a result, configuration files with sensitive information are accessible from the outside.”. That, when you do some research, seems to be associated with the /app/etc/local.xml being accessible from the outside.

But being the good system administrator you are, you made sure that either AllowOverride All was enabled on you Magento base directory or for the better administrators, you moved the config for each directory to Apache and set AllowOverride None, and you’re still getting this message?!

The problem resides in the code Magento uses to check if your config file with sensitive database password is accessible from the outside. It does this in Mage_Adminhtml_Block_Notification_Security.php;

    private function _isFileAccessible()
    {
        $defaultUnsecureBaseURL = (string) Mage::getConfig()->getNode('default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL);

        $http = new Varien_Http_Adapter_Curl();
        $http->setConfig(array('timeout' => $this->_verificationTimeOut));
        $http->write(Zend_Http_Client::POST, $defaultUnsecureBaseURL . $this->_filePath);
        $responseBody = $http->read();
        $responseCode = Zend_Http_Response::extractCode($responseBody);
        $http->close();

        return $responseCode == 200;
    }

This needs to be able to resolve itself. If the address still resolves to another address that will return an 200 OK page (perhaps your old domain) then the error will be displayed. This will fix itself when DNS syncs. Or alternatively you can make sure your new domain name is added to /etc/hosts file or c:\Windows\System32\Drivers\etc\hosts.