Insecure default scripts directory #464

@randomdross

My comment from the security review (#461):

Is this essentially insecure by default? If it’s insecure with the default setting that should probably at minimum be called out explicitly in the wiki.
https://github.com/postmates/cernan/wiki/Configuration#Scripts-Directory

So IMO, there either shouldn't be an (insecure) default location configured, or at least the wiki documentation should very clearly state that the default should be changed prior to any production deployment.

blt@ suggests this issue may be interesting for more than just scripts:

Depends on what cernan is shipping of course, but, yeah. I guess it is. The wiki should be amended. I'm open to suggestions for alternative behavior. My main thinking when I wrote this was that it's easy to screw up the operation of cernan by fiddling with those files. We never implemented checksums or recovery for queue files, on account of there not being a call for them at the time of implementation.

Weak area, generally.

Oh, you're talking about scripts here. Well, both are probably unsafe. If you craft a special purpose queue file for, say, the kafka sink you can get cernan to ship whatever you want. Same deal for scripts.
