This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 143033 - base_dir/tomcat-users.xml is world-readable
Summary: base_dir/tomcat-users.xml is world-readable
Status: RESOLVED FIXED
Alias: None
Product: serverplugins
Classification: Unclassified
Component: Tomcat
Version: 6.x
Hardware: All All
Importance: P3 blocker
Assignee: Petr Hejl
Reported: 2008-08-06 11:53 UTC by mslama
Modified: 2012-04-02 15:59 UTC
Issue Type: DEFECT
Description mslama 2008-08-06 11:53:53 UTC
Original report is at https://bugs.launchpad.net/ubuntu/+source/netbeans/+bug/244321. I checked the dev build, but there is Tomcat 6. Not sure where to put this report, whether it is a NetBeans or a Tomcat issue. So please pass it on accordingly.
Comment 1 Petr Hejl 2008-10-13 10:33:08 UTC
It is a development instance. The installer should set proper rights on the file; however, this won't solve the issue in general.
Comment 2 mslama 2008-10-13 14:37:46 UTC
I do not think that any installer should create/set access rights on any file in the user's home directory (or the default IDE user dir). Who creates this file, and when?
Comment 3 Thuy.d Nguyen 2009-01-08 22:30:19 UTC
Did a bit of investigation on NB 6.5 and found that:

- First scenario: If you select the Tomcat that is bundled with NB when you install NB 6.5 (and later versions), the file that contains the Tomcat server manager's default username and password is stored in ~/.netbeans/6.5/apache-tomcat-6.0_base/config/tomcat-users.xml. Although the file is world-readable, the password inside the file is encrypted.
The entire folder ~/.netbeans/6.5/apache-tomcat-6.0_base, which is the default ${Catalina_Base} chosen by NB, is NOT created at the time of NB installation, but at the time the Tomcat server is first started by users via the NB Servers->server node's popup menu.

- Second scenario: If you manually add a Tomcat server to NB via the Add Server wizard, you are asked to enter a username and password for the manager role, among other things. The username and password are stored in plain text in the tomcat-users.xml file under the ${Catalina_Base}/config folder, where ${Catalina_Base} is the folder you enter in the wizard.

Possible solutions:
- Option 1: Encrypt the password in the second scenario before storing it in tomcat-users.xml; then there is no need to change the permission of the file.
- Option 2: Create the file (tomcat-users.xml) without world-readable perm; then there is no need to encrypt the password in either scenario.
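
Added example (not part of the bug thread and not the code from the NetBeans changeset): a Python sketch of Option 2 from Comment 3, creating the file owner-only at creation time, plus an audit of an existing tomcat-users.xml for the two conditions the comment describes. The function names, the sample entry and the hex-digest heuristic are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Assumption: a digested password appears as a bare hex string of MD5, SHA-1 or SHA-256 length.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# Constructed sample entry; the user name and password are made up.
SAMPLE = '<tomcat-users><user username="ide" password="s3cret" roles="manager"/></tomcat-users>'


def write_private(path, text):
    """Create `path` with mode 0600 from the instant it exists (Option 2)."""
    # The mode is given to open(2) itself, so there is no window in which the
    # file is world-readable, unlike create-then-chmod. O_EXCL refuses an
    # existing file or symlink; the umask can only clear bits, never add them.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(text)


def audit(path):
    """Return a list of findings for an existing tomcat-users.xml."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append("world-readable (mode %04o)" % mode)
    for elem in ET.parse(path).iter():
        # Compare the local name so a namespaced <user> element is also caught.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        password = elem.get("password", "")
        if password and not HEX_DIGEST.match(password):
            name = elem.get("username") or elem.get("name") or "?"
            findings.append("plain-text password for user %r" % name)
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        target = os.path.join(base, "tomcat-users.xml")
        write_private(target, SAMPLE)
        print(audit(target))      # only the plain-text password finding
        os.chmod(target, 0o644)   # reproduce the state described in the report
        print(audit(target))      # now also flagged as world-readable
```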


Comment 4 Petr Hejl 2012-03-30 16:39:12 UTC
Fixed in web-main e0f3545105f5.
Comment 5 Quality Engineering 2012-04-02 15:59:02 UTC
Integrated into 'main-golden', will be available in build *201204021038* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main-golden/rev/e0f3545105f5
User: Petr Hejl <phejl@netbeans.org>
Log: #143033 base_dir/tomcat-users.xml is world-readable