The following files should not be world readable on installation: - the web app configuration file (as it contains the passphrase for the encrypted Django fields) - the sqlite database (as it contains the OAuth key and secret for the Pulp server)
Fixed for 0.0.16