If you are using a command-line php interpreter, ie /usr/local/bin/php the php file does not need to be world/web readable. cron will run the script as you, so as long as you can read it the script will work.
This means it could be safe to directly embed the parameters in the script and change the permissions to stop webusers from running it.
If your script is used both by web users and the cron backend, you could
copy the script and make a seperate cron version. Which doesn't even have to be in a web serveable location. For instance my webpages live in /var/www/competitions/ but my cron scripts are at /usr/local/compinabox/bin. Apache has no ability to read anthing in my /usr/local/compinabox/bin. If you are on a hosting service and don't have quite this degree of control over the location of files you probably still have a "home" directory where you first log it, that apache can't touch directly. Normally something like /home/<username>, make a bin directory here to stick your cron scripts.
I don't beleive you can pass query arguements to cron scripts when invoked with php as no webserver is involved to parse the query string. You should be able, however, to pass command line arguments
like
my_php_script.php argument1 argument2.
The arguements are stored in the $argv global array.
See
PHP Manual for more details. (Sadly this is one of their less well written pages.)
My prefered way of doing commanline php is to use "sha-bang"s ie the first line of the script is
"#!/usr/local/bin/php"
now in cron you simply do
* * * * * /usr/local/.../scripts/test.php arguement1 argument2>test.log
The "Sha-bang" tells the computer to run the rest of the file through the php interpretter so you don't need to launch php first.