Your site’s readme.html file also contains the WP version information, so it should be made impossible to read via HTTP as well.

There are a few different ways to do this. You can give the file a unique filename, relocate it to another location or change its permissions via chmod so it can’t be accessed via HTTP