I'm making a CMS system, in PHP, that I plan to redistribute. Until now I've never had to think of programming for multiple situations, etc., as I've just made things for my own servers where I know the exact settings.
This system is flat-file based, reading from and writing to XML files. The most sensitive data stored is the IP addresses of visitors (could use a different method which doesn't require the storage of this information). No passwords, system or otherwise. Apart from that the only data in the XML files are things like news articles, comments, etc.
I'm wondering how important chmod/permissions are? The system only needs to be able to write to the files a little bit for the "user-side" (statistics and comments). Now I could add the chmod function to my "savexml" function so that the files are made writable (0777) beforehand, and set back to read-only (0644) afterwards, but in some cases (like my own host) this can't be done ("operation not permitted").
If the files were all left as 777 permanently, what damage could be done? What kind of security risk is there in doing this? Or is there a chmod value that will let the script read/write the files, but stop anyone from accessing it via other methods?
Any help is greatly appreciated.
Thanks.
However, most people run PHP via Apache and it's nice that Apache runs as a non-privileged user. If you're manipulating files, you have to make sure group or individual ownership is shared between the Apache process and the XML files.
Another thing to consider is that by forcing people to use 777 permissions for your CMS, you will already be eliminating a fair number of potential users from the get-go, as that is a non-negotiable security decision to some.
And good luck to those folks who want to install it, but first have to convince their systems administrator to run it as 777!
Would a sensible approach be:
Have it automatically change permissions using chmod() if it is available. If it isn't, the user can set XML files that need writing to all the time, to 777 (or similar) and set ones that only need to be accessed by the admin to 644 until they need to edit them?
Any other ideas?
[edited by: Fourjays at 10:10 pm (utc) on Feb. 24, 2007]
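The shared-ownership point from the replies, as an added example that is not part of the original thread: instead of flipping files to 0777, a save routine can work out which permission class (owner, group or other) actually gives the PHP process write access, and warn when a file is world-writable. The function names are hypothetical, and the code assumes a Unix host with PHP's posix extension (it falls back to `is_writable()` without it).

```php
<?php
// Added example; helper names are hypothetical. Assumes a Unix host.
// Which permission class (owner/group/other) gives this PHP process write
// access to $path? Mirrors the kernel's check order; root bypasses it.
function write_access_class(string $path): string
{
    clearstatcache(true, $path);
    $perms = fileperms($path);
    if ($perms === false) { throw new RuntimeException("Cannot stat $path"); }
    if (!function_exists('posix_geteuid')) {   // posix extension missing
        return is_writable($path) ? 'unknown' : 'none';
    }
    if (fileowner($path) === posix_geteuid()) {
        return ($perms & 0200) ? 'owner' : 'none';
    }
    $groups = array_merge(posix_getgroups() ?: [], [posix_getegid()]);
    if (in_array(filegroup($path), $groups, true)) {
        return ($perms & 0020) ? 'group' : 'none';
    }
    return ($perms & 0002) ? 'other' : 'none';
}

// Write $xml without touching the file mode; return warnings for the admin.
function save_xml(string $path, string $xml): array
{
    if (write_access_class($path) === 'none') {
        throw new RuntimeException(
            "$path is not writable by the web server user; give that user " .
            "owner or group access (0644/0664) instead of using 0777"
        );
    }
    $warnings = [];
    if (fileperms($path) & 0002) {
        $warnings[] = "$path is world-writable; any local account can modify it";
    }
    if (file_put_contents($path, $xml, LOCK_EX) === false) {
        throw new RuntimeException("Write to $path failed");
    }
    return $warnings;
}

// Constructed demo on a temporary file owned by the current user.
$file = tempnam(sys_get_temp_dir(), 'cms');
chmod($file, 0644);
print_r(save_xml($file, '<news/>'));   // owner-writable only
chmod($file, 0666);
print_r(save_xml($file, '<news/>'));   // now world-writable
unlink($file);
```

On a host where the web server user owns the XML files or shares their group, 0644 or 0664 is enough and no `chmod()` call is needed at save time.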