Hi, sorry for the late reply - yes I used reportbug.
Closing this issue just because php7.4 was removed from unstable isn't not really great to see. The bug occurs on stable. If you update buster to bullseye the proposed upgrade mechanism _will_ switch off php in apache2 and therefore expose all php-(config)-files until php gets reactivated by the user.... Philipp