I agree with DosDawg... 644 permissions are ok if your server is properly configured. Even on a shared server this is sufficient even if another "shared" customer's site is compromised. I believe that this is what the open_base_dir restrictions are all about. Now (speaking to those who are running dedicated servers or are in the hosting business) if you have a MAJOR breach of security such as allowing your customers on a shared server to have non chrooted ssh access, then you are asking see more for trouble with more than just Dolphin scripts.

This is a good discussion topic because Dolphin WILL run with unsafe permissions if it is not installed correctly. (This is despite the installer check for permissions)

Many of the hacked sites I hae seen were either because someone had overly permissive settings on Dolphin, or primarily, because they had some other script that had wrong permissions. People tend, when they are given the opportunity, to install all sorts of things on their websites that they want to try out, and then forget about them. Thereby, giving a hacker the time and opportunity to break into their site.