/etc/postfix file ownership, secure?

So, the files in /etc/postfix directory are world accessible. This means, a user on the system can easily see all email addresses. Which sort of means if a spammer purchases a seat on your host, it’s trivial to harvest a lot of email addresses.

So, other than securing the logins so users cannot poke around, is there a good way to secure those files without breaking anything in Virtualmin?

This seems bad to me.

And if you are using the server for a backup email, and, making use of relay_recipients for those domains, then, even worse, even more “free” email addresses.