644 is owner write, group and other read.
You will be able to edit or overwrite it via FTP.
As for the question of whether someone else, namely the web server, can overwrite the file and inject code into it, is a touch question to answer.
Are you running Apache? is php a compiled into Apache or running as a cgi? Is Apache running as the same user as the account your asking about? There are probably as many questions to ask you fi you're on a MS server, but I don't have a very good handle on IIS anymore.