Perform file operations in a secure directory. In most cases, a secure directory is one that no one other than the user (and possibly the administrator) can write to: no one else can create, move, or delete files in it, change its permissions, or otherwise manipulate its contents. Other users may be allowed to read or search the directory, but generally may not modify its contents in any way.

...

Ensuring that file systems are configured in a safe manner is typically a system administration function. However, programs can often check that a directory is securely configured before performing file operations that could lead to security vulnerabilities if the system is misconfigured. Such a check is inherently check-then-use: there is a small window in which the file system could be reconfigured insecurely after the check has been made but while the process is still running. As a result, it is always advisable to implement your code in a secure manner (that is, consistent with the other rules and recommendations in this section) even when it has verified that it is running in a secure directory.
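The following is an added illustration of such a check, written for this page and not the standard's own compliant solution. It canonicalizes the requested path with realpath(), then walks every directory component from the root downward and requires each one to be a real directory, owned by the calling user or by root, and not writable by group or others (so a world-writable sticky directory such as /tmp is rejected). The function names dir_policy_ok and is_secure_dir are this example's own.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Policy decision for one directory, kept pure so it can be exercised with
 * constructed stat values. Returns 1 if the directory is acceptable:
 *   - it is a directory (a symlink or regular file is rejected),
 *   - it is owned by the caller or by root (uid 0),
 *   - neither group nor others may write to it.
 * Note that this rejects sticky world-writable directories such as /tmp. */
int dir_policy_ok(mode_t mode, uid_t owner, uid_t me) {
    if (!S_ISDIR(mode)) return 0;
    if (owner != me && owner != 0) return 0;
    if (mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* lstat one path and apply dir_policy_ok. Returns 0 on any error. */
static int check_component(const char *dir, uid_t me) {
    struct stat st;
    if (lstat(dir, &st) != 0) return 0;
    return dir_policy_ok(st.st_mode, st.st_uid, me);
}

/* Returns 1 if `path` and every ancestor up to "/" satisfy the policy.
 * Any failure (nonexistent path, too long, insecure component) returns 0.
 * The check is check-then-use: a directory could be reconfigured after this
 * returns, so callers must still follow the other secure file-handling rules. */
int is_secure_dir(const char *path) {
    char resolved[PATH_MAX];
    char prefix[PATH_MAX];

    /* Canonicalize so ".." and symlinks cannot hide an insecure ancestor. */
    if (realpath(path, resolved) == NULL) return 0;

    uid_t me = geteuid();
    size_t len = strlen(resolved);

    /* realpath never yields a trailing slash except for "/" itself. */
    if (!check_component("/", me)) return 0;

    /* Check each prefix "/a", "/a/b", ..., and finally the full path. */
    for (size_t i = 1; i <= len; i++) {
        if (i == len || resolved[i] == '/') {
            if (i == 1) continue;              /* resolved is exactly "/" */
            memcpy(prefix, resolved, i);
            prefix[i] = '\0';
            if (!check_component(prefix, me)) return 0;
        }
    }
    return 1;
}

int main(int argc, char **argv) {
    const char *dir = (argc > 1) ? argv[1] : ".";
    printf("%s is %s\n", dir, is_secure_dir(dir) ? "a secure directory"
                                                  : "NOT a secure directory");
    return 0;
}
```

Run it as `./secure_dir /tmp` or `./secure_dir "$HOME"` to see the verdict for a real path. Because the check resolves symlinks, any subsequent file operations should use the canonical path (or a directory file descriptor obtained right after the check with openat-style calls), not the original string, so that a link swapped in between check and use cannot redirect the operation.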

...