...sensitive source files on a web host? I'm sure there is a web programming pattern to add this layer of security to my web host, I just can't find it. Changing file permissions doesn't help because the world needs to be able to read files for the pages to behave correctly. Since they can read the files, they can also just navigate to them and read the source code. Please help!

It's not possible to protect any sensetive information that is to be sent to a browser. The only thing you can do is process it server side.

is it really worth it?

css has to be read , as css, so it must be css. (you could stop using it,. JavaScript can do much of the same, but sloppier). css can be served from a cgi program , only to the pages on your site, with any extra crazy security you want (but they can be 'view sourced')

html has to be read, as html, so it must be html (you could use less html and use more ajax with headers to protect the data from prying eyes)

JavaScript doesn't need to be read, it needs to be executed! it need not resemble the original code (look at google's scripts!) A simple packer makes JavaScript unreadable to all but the best hackers!
http://dean.edwards.name/packer/ is the easy one time packer, there are other versions for automated packing!

and of course, all server side programs are protected by your server!

It's "Don't put anything sensitive in client side code in the first place".

The browser has to be able to parse the code, and if the browser can, then so can users.

http://dorward.me.uk/www/hide/