By default, php is disabled, although it can.
So no, no one will know where you have left a letter.
Although I see in the crystal ball what problem-the problem is quite different.
is hidden and secret
Classified script which can be knocked from the outside is not so secret.
Especially if called mail.php.
In order to still make it a secret need to add at least a password to access it.
And then it will be exactly "secret".