props and transforms files need to be in specific locations for Splunk to read them. (typically either in etc/system/local or in separate apps under etc/apps/)
props and transforms need to go on the relevant component, depending on the type of config in them (index time config needs to be on HF / Indexer, search time config should be on your SHs), you can't freely choose that
Can you provide some context around this question? What requirements do they have to keep these files "highly secure"? What does that mean and what do they want to protect these files from?