Actually, that is what I do myself, and what I suggest you consider. . Other wise, I supposes there is some “security by obscurity” aspect of just suppressing the directory listing, but not much point to that, IMHO. People will browse “up-tree” as you pointed out, and that can put one, albeit a small one, obstacle to running those “test” scripts in their path.
Of course, you can always just suppress the directory listing by placing an .htaccess file containing the directive:
into that directory, but using an index.html gives you a little more flexibility (for instance, you could put a meta refresh line into the index.html file to immediately re-direct them to you home page!).
I think that is very much a matter of personal opinion. On DreamHost, you don’t really need a cgi-bin, though it does make it easier sometimes to install packages that expect certain thngs to be in a “cgi-bin” directory (you don’t have to edit as much code to change paths and all).
That said, I don’t think there is anything inherently “unsafe” about having a commonly named directory - just make sure all the permission for you directories and files are set with necessary security in mind. Again, the “security by obscurity” concept is what we are talking about here, and I just don’t think there is enough advantage in that to make it worth doing, though YMMV!