To handle temporary data, one frequently used practice is to store the data in temporary files. To correctly handle temporary files, the user needs to know where the files should be placed, how to handle the files, and how to remove them when they are no longer needed.

Option A is incorrect because placing temporary files in a folder called "temp" in the web root is not secure. Doing so would allow anyone with access to the web root to access and potentially manipulate these files.

Option B is also incorrect because placing temporary files anywhere in the web root is not safe. This can make the files accessible to anyone who knows the filename or path.

Option C is not always necessary. While it is important to remove temporary files when they are no longer needed, it is not always possible to remove them completely from the server. In some cases, temporary files may be necessary for the proper functioning of the application.

Option D is not a recommended practice. Changing the file extension does not provide any additional security or protection against unauthorized access.

Therefore, the best option is to store temporary files in a separate folder that is not accessible from the web. This folder should have strict access permissions to ensure that only authorized users can access it. Once the files are no longer needed, they should be deleted using secure deletion methods.

The Answer is: C