Where do I put my files and databases that I don't want anybody to access?

Put them in your "_private" directory. Then using Frontpage, right mouse click on the directory, select "Properties" and turn off the "Allow Files to be Browsed" option.

Additionally, protect folder contents by removing IIS Permissions.

Add Feedback