Per-user configuration file is world readable and may contain sensitive information, such as SMTP server password.
vulners.com/securityvulns/securityvulns:doc:7939