Is it safe to store vendor, data\user.json and other stuff under public directory?

Public directory may be using for storing assets and index.php which looks like:

<?php
require_once "../backend/index.php";