Installing WHMCS, lists a bunch of fails:
Distrubuted in a ZIP file, ZIP files do not store any file permissions.
Recommends a permission of
777 on several critical locations:
The security steps page casually repeats the
777 mistake, it then goes on to recommend to put these world-writable directories outside the webservers’s document root. This will almost never protect these directories from tampering.
Curiously, this page also mentions:
You cannot set folder or file permissions to be 777 when running suphp or phpsuexec - the highest permissions are 755 for both folders and files.