Most (all?) Horde applications come with test.php files intended to help the administrator determine if all needed applications are in place, etc. They can provide a wealth of information (including full output of phpinfo()) to a cracker, and are intended to be disabled for normal use. In the interest of security, ebuilds should chmod them to 0 at installation (the admin can enable them explicitly when testing). In fact, horde-2.2.5.ebuild already does this chmod explicitly in the ebuild. Ebuilds for other horde components don't, though. I submit that this chmod should be put into the eclass in horde_src_install().
hmm, didnt realize other plugins came with test.php, thought just horde did
added to the eclass, thanks