Shops using the Linkpoint / YourPay API Payment Module (v1.2.x or v1.3.x), should be aware that your PEM file supplied from LP/YP is confidental!! Unless you specifically setup access restrictions to your PEM file, it can be viewed publically. This is dangerous for you the shop owner!!

This vulnerability had been reported late last year to the module's author with no resolution.

The solution is simple. Create a .htaccess file containing the below settings
PHP Code:
<Files "\.(pem)$">
Order allow,deny
Deny from all
</Files
Upload the newly created .htaccess file to directory (same as pem file location):
../includes/modules/payment/linkpoint_api/

Remember to do this for your http and https related directories - if you have the PEM in both (and are using 2 separate directories for non-SSL and SSL)

You can test the viewablity by typing the path to the file in your browser (remember to clear cache inbetween tests).
Ex. _www.YOURDOMAIN.com/includes/modules/payment/linkpoint_api/xxxxxx.pem

For some reason there is no official support thread for this payment module.
The closest one is http://www.zen-cart.com/forum/showthread.php?t=39031 and is LOCKED to new posts.