I recently came across the following piece of code in the secret-memory crate:

impl<const N: usize> StoreSecret for Secret<N> {
    type Error = anyhow::Error;

    fn store_secret<P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> {
        std::fs::write(path, self.secret())?;
        Ok(())
    }
}

As far as I understand this, it does not ensure that the file has to proper permissions.
This is not acceptable, a secret must never be written into an insecure file.