With an improper umask privileged accounts could potentially create files
with undesired permissions, giving file access to anybody.  A decent
umask is <tt>022</tt>, which provides write access to the file owner,
but only read access to group or other.