Server path disclosure is a serious hole jeopardizing your security.
All theme developers should secure the theme files which are not supposed to be called directly.
It is very easy to find the path to your theme folder and then just call searchform.php or single.php or any other file which is used as included theme file.
By doing that you would see something like:
Fatal error: Call to undefined function: bloginfo() in /var/www/myhost/mysite/docs/wp-content/themes/mytheme/searchform.php on line 2
If a hacker needs your server path he/she has it.