I've already said where - /home/username/squirrelmail/data and /home/username/squirrelmail/attachments
As for permissions - given that you are running PHP-CGI - I suggest 600 (user: read/write)
The web site is run by what is called the web server. The web server is software that takes a request involving a url-path. The url-path is the part of a URL after the hostname and port, but not including the query string.
So far example in "http://example.com/path?query" then "/path" is the url-path.
The web server will attempt to match /path to special rules, and if it does not match special rules, then to a file or directory on the file system.
The web server software is given a "document root" directory at which it starts looking for files and directories. For example if the document root is /home/username/example.com/ then the URL http://example.com/path/filename will match the file /home/username/example.com/path/filename
The document root does not have to be named after the hostname; it could be public_html or www as is the convention with other web hosts or server software, or anything you want
DreamHost Web Panel calls the document root the "Web Directory"
Special rules include things like Alias, mod_rewrite, and other web server directives that depend on the value of the url-path.
Remap Sub-dir is the DreamHost name for Alias, which allows you to point certain types of url-paths to file system directories not relative to the document root.
Symlinks are filesystem pointers that can be used to point to files or directories that are also not relative to the document root.
Having said that, naturally you do not want sensitive data to be accessible from a document root or a directory or file that is subject to Alias and symlinks. That is because by default there is nothing to prevent the sensitive data from being downloadable by anyone. You have to specifically setup something else to protect the data. It's easier to stick it somewhere safe instead.
openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7