yes, i can see it running with your ip.
HFS is by default read-only.
There's no way for me to know that you didn't create an account that once logged in can upload or delete stuff, but I assume from your words that you didn't do it.
Be careful exposing your php files, or other files that may contain sensible informations.
A php file in HFS is just a text file where people can read your source.
You may expect that it is executed and only its output is visible, but that's not true in HFS (because it doesn't support PHP)