Right now, LSWS just follow linux file system permission, not act like suphp which block script with permission mask 777. LSWS uses open_basedir instead. However, it is nice to have feature, so we will add it to our to-do list.
Yes, those permission settings posted in the image is for static files, found it cause more trouble than what it helps, so we turn it off by default. It probably is a good idea to have similar check for scripts running in suEXEC mode.