diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 5f72f835..1f86a69d 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -19,6 +19,7 @@
 import glob, os, sys, re
 import shutil
+import stat
 import subprocess
 import time
 import operator
@@ -43,6 +44,9 @@ def read_config(opts, config_file='config.py'):
 if not os.path.isfile(config_file):
 print "Missing config file - is this a repo directory?"
 sys.exit(2)
+ st = os.stat(config_file)
+ if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
+ print("WARNING: unsafe permissions on config.py (should be 0600)!")
 options = opts
 if not hasattr(options, 'verbose'):
diff --git a/fdroidserver/init.py b/fdroidserver/init.py
index 82e533ed..09125551 100644
--- a/fdroidserver/init.py
+++ b/fdroidserver/init.py
@@ -109,6 +109,7 @@ def main():
 os.mkdir('repo')
 shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), repodir)
 shutil.copyfile(os.path.join(examplesdir, 'config.sample.py'), 'config.py')
+ os.chmod('config.py', 0o0600)
 else:
 print('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
 sys.exit()
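Review bot: The permission check added to read_config only prints a warning and carries on, and it treats a group- or world-writable file the same as one that is merely readable. If the config is later loaded as Python code (that part is outside the hunk, so this is inferred), a writable file lets another local account change what the tool executes, which merits stopping rather than warning: `if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH): sys.exit(2)` after the message. The message also hardcodes `config.py` although the path checked is `config_file`, and it goes to stdout where scripted runs can miss it; `sys.stderr.write("WARNING: unsafe permissions on %s (should be 0600)!\n" % config_file)` covers both. read_config's body continues outside the hunk.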
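Review bot: In the init.py hunk, `shutil.copyfile` creates config.py with whatever mode the process umask allows and the added `os.chmod` only tightens it afterwards, so the file exists briefly with looser permissions. At that moment it holds only the sample content, so the exposure is small, but creating it restricted from the start closes the window: `os.close(os.open('config.py', os.O_WRONLY | os.O_CREAT, 0o600))` before the copyfile call, keeping the chmod for the case where the file already existed. A short comment such as `# config.py may contain secrets; keep it owner-only` would tell maintainers why the mode is set here. main() starts and ends outside the hunk.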