Description of problem: When using MySQL or another database as a back-end to SquirrelMail, /etc/squirrelmail/config.php contains the database name and password. So it's access rights should be limited (now root:root 644, so anyone can read this, and screw up the SquirrelMail database). Since Apache (running as apache:apache) should still be able to read this file, its rights could for example be changed to root:apache 640.
I fixed this in FC2, but I'm not going to errata it for the simple reason that rpm won't change the permissions during the upgrade.