It was reported  that the default permissions of /etc/hostapd/hostapd.conf were insecure (0644) considering they could contain credentials (PSKs, shared radius secrets, etc.) that would then be world readable.
This is a low-impact flaw that be mitigated by changing the permissions to the file (upstream has done this now).
This was assigned CVE-2012-2389  (although no credentials are written by any tools or by default to this file, so an administrator should logically tighten up the permissions if saving sensitive information to the file).
Created hostapd tracking bugs for this issue
Affects: fedora-all [bug 824661]
This is corrected via hostapd-0.7.3-9.fc17 and hostapd-0.7.3-9.fc16.