>>
>
> Why shouldn't they be readable by default?  What is the threat you're
> trying to defend against?
>
> Make something read-protected if there's a problem, either because the
> data is inherently secret (i.e., keying material) or because you're
> trying to conceal something about local security policy that isn't
> readily discernible by other means.  Very little, if anything, in
> rc.conf fits that description.

anyway i change everything that user doesn't have to read to 600.
that's other policy - if user don't have to read it, the read access 
should be disabled.