volgens Douglas Broad.
If I read your post correctly, it was probably a mistake to put your Apache server in your user path. I put mine in c:\xammp. In any case, put moodledata in the same folder as your server, not in the htdocs folder. The moodledata folder is not directly accessible by the public(AFAIK) so no security holes there. It is used by Moodle itself (as a resource area I believe).