That the per-user profile directory is world-writable allows an attacker
to hijack code run by other users, as has been reported in the context
I believe it applies to Guix as well.
Nix people are tracking it here:
Looks like we’ll need to do something similar to: