There are configure.php files in /catalog/includes/local and in /catalog/admin/includes/local that are not mentioned in the guide.
At least I did not see them. If you change the password to your hosted site, you need to change the password in these files as well as in those in /catalog/includes and in catalog/admin/includes
The guide also tells us to secure the configure.php files by changing permissions to 644, but the code inside the store complains if you have not changed them to 400. That is read-only for the owner, and no access for anyone else. The software works fine with the tighter security level.
The pages where it would be appropriate to add this information are locked.