If you don't want it access directly put it outside the web root and use
can access the file, then the client will be able to also. You would be
better off using PHP to send/receive info to jQuery and hide that file
outside the web root so there is no direct access.