Monday, 23 March 2015

Seafile putting mysql access passwords in clear text in multiple files



I just installed seafile (http://ift.tt/WmlQKZ) and am shocked to see that these files:

seahub_settings.py

and (if one weren't enough...)

ccnet/ccnet.conf

do store your sql database passwords in cleartext by default in the files themselves. Permissions are set to readable by the group 'others' for both of these files.


Any idea what went wrong at the seafile development team and how to mitigate this grave issue?
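An added example, not part of the original post and not Seafile's own tooling: a shell function that checks whether the two files named above are readable by "others" and, with `--fix`, removes all access for "others". It assumes both paths sit under one Seafile top-level directory passed as the first argument, and that the Seafile processes run as the files' owner or group, so they keep access after the change.

```shell
#!/bin/sh
# Added example: audit the two Seafile config files named in the post.
# Assumption: both relative paths live under one top-level directory ($1).
# Usage: audit_seafile_configs /path/to/seafile-top [--fix]
SEAFILE_CONFIGS="seahub_settings.py ccnet/ccnet.conf"

# Prints one status line per file and never prints file contents.
# Return status = number of files that were readable by "others" when checked.
audit_seafile_configs() {
    top=$1
    fix=${2:-}
    exposed=0
    for rel in $SEAFILE_CONFIGS; do
        f="$top/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            continue
        fi
        # find -perm -004 matches only when the others-read bit is set.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            exposed=$((exposed + 1))
            if [ "$fix" = "--fix" ]; then
                # Drop read, write and execute for "others"; owner and group
                # bits are left untouched.
                chmod o-rwx "$f" && echo "FIXED    $f"
            else
                echo "EXPOSED  $f (readable by others)"
            fi
        else
            echo "OK       $f"
        fi
    done
    return "$exposed"
}
```

The password is still stored in cleartext for the owning account after this change; the function only closes the read access for other local users.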




