For (different) security reasons, websites are only allowed to access files in their own htdocs folder. That way, if your website would ever get hacked, any malicious code cannot infect other websites on the same account.
If you want to restrict access to certain files so they cannot be accessed by browsers, the best way is to do so is with .htaccess rules. If there is a folder in your account which should not be accessible, simply create a file in that folder with the name .htaccess and the contents deny from all, and nobody will be able to access the files from the web.
I would NOT recommend tinkering with CHMOD/file permissions. It’s very tricky to restrict web access that way, and if you do it wrong, you’ll lock yourself out too.