Permissions relate to whether a file / folder is:
readable (by user, group, world)
writeable (by user, group, world)
executable (by user, group, world)
Depending on the file / folder, permissions need to be restricted, to prevent unauthorized people from writing to, or even executing such files / folders (and their contents).
Because the configure files contain such sensitive data, they must be READABLE ONLY.
On most servers, this CHMOD setting is 444 (or 0444) = READ ONLY for user AND group AND world.
Some servers are configured to allow 644 (0644) without generating the ZC security warning, but I always set to 444 regardless.
If, after setting to 444, you are still getting the warning, then a server configuration issue is usually the case, and your host should sort this out.
It is common for servers NOT to allow chmod to 444 via a FTP program, and this level can only be set at the CPanel.
If your host has tried the setting at 444, and cannot explain the re-appearance of the ZC warning, then start to have doubts about your host's knowledge of server configuration.




