Roland Illig wrote:
> And here it is. I don't think it is security-related since the name of 
> the file indicates that it is only used for reading configuration files. 
> I have already reported it upstream.

This is a known, but yet unsolved problem:
  http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3838

ciao
     Klaus