The PHP files load it into memory - and this trick does not protect information loaded into memory. If a vulnerability allows him to run his own code into memory the trick is defeated.
An analogy is two companies with uniforms. If someone from Company A dons the uniform of Company B and pretends to act like he is with Company B then he can go where Company B goes and learn what Company B knows. If you siimply move the door to the secrets room, he can easily find it if he takes the time - he's already inside!