zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.