The Althttpd documentation contains a few typos under the "Security Features" heading (emphasis mine):

Thus is it safe to put auxiliary files (databases or other content used by CGI, for example) in the document hierarchy as long as the filenames being with "." or "-".

should be:

Thus it is safe to put auxiliary files (databases or other content used by CGI, for example) in the document hierarchy as long as the filenames begin with "." or "-".