Script Security & Different Passwords

When installing phpBB, I noticed that the config.php is world-readable (644 permissions) and it has the domain administrator's password in plain text. I'm concerned that this may be a more general problem with all script installers. At the very least, it seems that the config files should not be world-readable.

More importantly, I know it makes administration easier, but it is terrible security to use the same password as the domain administrator for all installed scripts and databases. I would like the option to specify a separate password per script. It should be easy to maintain (i.e. change/reset) these passwords in the future, such as both updating the database and the config file as needed.