I know that you're not proposing this, but can I just interject that if you make any of these files unreadable by 'other', then supermin appliance building will break.
http://libguestfs.org/febootstrap.8.html#supermin_appliances
I think supermin appliances are a sufficiently useful mechanism to generate virtual machines / cgroups roots on the fly that we shouldn't break it.
Rich.