You shouldn't have to worry about the permissions settings when it comes to security. Your hosting provider should take care of that so that even if you have read/write/execute permissions someone would have to have ftp access or be able to execute script from a php page before they could take advantage of it... and at that point they could change the folder permissions as well so you have already lost the war.