[eluser]Daniel Moore[/eluser]
Yes, it is best practice (just to confirm that part.) But as Aken said, if the views are in the application folder, they are already restricted.
I generally set up my application to where everything except index.php and my assets folder (images and css) are outside of the web root in order to make securing it all a bit easier.