It is likely that you have malicious users testing your installation to see whether you have placed your files directory somewhere web-accessible. It appears you haven’t, so there is no way for them to invoke the script and cause trouble. You can remove those files if you like.
Regards,
Alec Smecher
Public Knowledge Project Team