uid_map file is created as world writable which may be a security risk.
Some input provided by Anton are
It is a reasonable concern. Guess we should create bug ticket for this.
There are two workarounds:
1) it is possible to run openhpi daemon without using uid_map.
2) it is possible to set uid_map file location other than /tmp or /var.
The file should be less than or equal to 644.