While the key files for the acf-openssl are not visible from the web interface, it would be more secure to also set the key files and password files to 600 permissions

(from redmine: issue id 644, created on 2011-05-10, closed on 2011-06-13)