PHP & cron: security issues

You should keep this file outside of public_html

/usr/local/bin/php -f /home/mysite/script 
// is secure from public access

Suppose if u don't want anybody to run the file via http then set the cron by using php command as you are doing and add htacess to cron folder to block http request to the folder by adding

deny from all to htacess

Suppose if u want the cron folder to be password protected then it can be done as mentioned in the URl

http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/