The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by read ing these files.