Is it unsafe to keep a Laravel project files inside public_html?
I assume that when you mention public_html, that you are using a cpanel like shared hosting solution. In these scenarios, the apache hosting configuration and access to respective folders is managed by the hosting provider. That means you have limited access to restrict access to your code. Typically the hosting provider makes all files in public_html public.
So if my assumption on your setup is correct, the answer to your question is: Yes this is unsafe.
You may also want to know: How can someone install laravel safely on a shared hosting server?
You should follow the instructions from laravel-news. This article will show you how to pull out the folders that should be public and update your configuration to point to the sub folders that migrated to a new location.
Hope this helps.
You shouldn't ever keep the application source files in a publicly accessible location. That is the entire point of having a public directory in the first place, to restrict what can be accessed.