It's not a security hole
just look at your php-cgi wrapper the open-base-dir:
(took from your other topic)
Without allowing to acces /usr/share/phpmyadmin, www.friendlyphotozone.com/phpmyadmin/ will not work correctly.
If you ask why www.friendlyphotozone.com/phpmyadmin/ work by default, just look at the file :
If you want to change the alias
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /what-ever-you-want /usr/share/phpmyadmin
of course to do that you must be root or have root privilege.