the package installs wrong ownership(root with no other access) for /etc/zabbix directory and config files. I agree that the files are sensitive as they contain a plain text DB password. However these files must be owned by the user zabbix that the server and agent are running under.
also there is wrong (root) ownership on /var/lib/zabbix/* directories. zabbix user is not able to to rx them..