Hello.
I am not sure if this problem only affects me or if it's a general problem:
The backup folder and the files created in the backup folder are owned by root:root, however they are readable for all other users.
I did
chmod -R o-rx /backup
now to fix this myself.
I think if possible this should be changed in CWP, since if one user is compromised the user will be able to read all the files of the other users from the backup folder, which includes database settings / passwords and so on.