It was discovered that the luci configuration file was generated in an insecure manner. Because the configuration is generated on-demand via the luci initscript from a template, and because it is created and then has its permissions changed, the /var/lib/luci/etc/luci.ini file contents are briefly exposed to local users due to world-readable permissions. Acknowledgements: This issue was discovered by Jan Pokorný of Red Hat.
Lifting embargo.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1603 https://rhn.redhat.com/errata/RHSA-2013-1603.html