Python's interpreter doesn't keep proper file permissions after
importing library. See the fallowing:
mk@laptop ~ $ echo "key='top secret'" > key.py
mk@laptop ~ $ chmod 600 key.py
mk@laptop ~ $ python
Python 2.4.4 (#1, Jan 8 2008, 21:22:16)
[GCC 4.1.2 (Gentoo 4.1.2 p1.0.1)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import key
>>>
mk@laptop ~ $ ls -l key.py*
-rw------- 1 mk mk 17 II 8 20:09 key.py
-rw-r--r-- 1 mk mk 120 II 8 20:09 key.pyc
mk@laptop ~ $
So, interpreter creates 644 pyo file (visible for all) which contains
secret data from 600 py file.
I think it should keep the original permissions, someone can save a
important data (eg. SQL login/pwd into Django's settings.py) into
library and makes it visible for all by an accident.