I'd say move it (no queries for something that is loaded a billion times by bots), but I can't see how someone could edit it with proper CHMOD :P
It's not a security issue at all.
Any language folder is (unless you add specific server-side restrictions) accessible directly by URL, so it's nothing different.
It's a "txt" file, so unless you attached the php-handler to txt files as well, it should not run anything on the server, just show the text, so not really a security issue. ;)
That said, I never saw the point of having it outside the language directory, so I'd favour the moving of the file to the languages directory. nods
/me feels cool coz emanuele said the same thing he said :D
/me feels derived didn't understand anything of the topic O:-)
I put on github an issue https://github.com/elkarte/Elkarte/issues/2196, for point 1. Move in the respective language folder.