Why are private variables in an object "visible" from the outside world?

Tags: object, php, class

Given this example:

class Database
{
    private $host,
            $database, 
            $username, 
            $password,
            $type;

    public $active_connection;

    //Some methods
}


class Page
{
    private $db;


    public function __construct($id)
    {
        // Some code

        $this->db = new Database($id);
    }

    //Some Methods
}


$page = new Page(0);

var_dump($page);

This will output the private variables of Database Object, even though they are marked as private (and so, as I understand it, unusable by the outside world).

My questions are:

  1. Is this a security risk?
  2. Is there a way to effectively hide those variables marked as private?

Thanks in advance.

EDIT: In this project, the admin section will provide the ability to create custom PHP scripts to incorporate in the site, as sections. Since this is being developed for a third-party entity, my concern is that, for some reason, the customer inadvertently dumps the $page object (which is, in our code, the main modifiable object) in order to "explore" it.

Tivie asked Dec 02 '22 00:12


1 Answer

Encapsulation is an architectural mechanism, not a security measure, and can't be used as such.

How exactly would an attacker exploit this security risk? It's only accessible from inside the source code, so he can just as well read the source code for your protected class, or any other source code in the project.

Besides, even in C++ you could get access to private members by preparing a pointer with the right offset into the object.

Leonid Shevtsov answered Jan 10 '23 18:01
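The following is an added example, not code from the question or the answer. It uses PHP's `__debugInfo()` magic method to redact what `var_dump()` prints for the nested `Database` object, then shows that code running in the same process can still read the private value, which is the answer's point. The default property values and the redacted placeholder string are constructed for illustration.

```php
<?php
// Added example: class layout follows the question; all values are constructed.
class Database
{
    private $host = 'db.example.internal';      // constructed sample value
    private $password = 'constructed-secret';   // constructed sample value
    public $active_connection = null;

    // Controls what var_dump()/print_r() display (PHP 5.6+).
    // It changes the debug view only; it does not restrict access.
    public function __debugInfo()
    {
        return ['host' => $this->host, 'password' => '***redacted***'];
    }
}

class Page
{
    private $db;

    public function __construct($id)
    {
        $this->db = new Database();
    }
}

$page = new Page(0);

// 1. An inadvertent dump now shows the redacted view of the nested object.
var_dump($page);

// 2. A closure bound to the class scope reads private members directly.
$read = function ($name) { return $this->$name; };
$db = Closure::bind($read, $page, Page::class)('db');
echo Closure::bind($read, $db, Database::class)('password'), "\n";

// 3. An array cast bypasses __debugInfo(); private keys are "\0Class\0name".
$raw = (array) $db;
echo $raw["\0Database\0password"], "\n";
```

Steps 2 and 3 both print the real password, so `__debugInfo()` only addresses the accidental-dump case from the question's EDIT; it does not protect the value from scripts that run in the same PHP process.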