Config.json world readable?

I have just installed last version with docker.
I have enabled the admin page and made some configuration (smtp).
After that I can see a config.json with all my config (and my smtp password in plain text) in the data folder. Every file in this directory is world readable, including the config.json. The stmp password is thus readable by everyone who access my system (ok nobody except me should access to it!).
Is this a feature?

So nobody can take a look a its config.json file?