Hi!,
I recently got my toolserver account. Looking for a way to set my bots (using pywikipedia framework) to run, I noticed many people using the framework haven't set the correct access flags to their "login-data" dir (inside your /home dir). This could lead to someone using those files to run your bot accounts.Although only other toolserver users can see these files, its still an issue . Please make at least that dir "not readable" for anyone but "owner".
--Pyr0.