True, but it is unnecessary for the private key files themselves to carry read permissions for group and world. There are situations where the keys need to be copied somewhere else for deployment, and this is an unnecessary security risk when they carry incorrect permission modes.
openssl creates private key files with mode 0600 and asks for a passphrase, which, if specified, then has to be entered every time a server using that key is started.
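As an added example (not code from this thread or from openssl), the following script illustrates the point the two comments above make: a key file created at mode 0600 stays private only as long as the deployment copy preserves that mode. A content-only copy such as `shutil.copyfile()` (or a redirect like `cat key > dest`) creates the destination with the default creation mode, so a key that started out 0600 is usually 0644 on the other side. The PEM text is a constructed placeholder, not a real key, and the umask is pinned to 0022 only to make the outcome deterministic.

```python
import os
import shutil
import stat
import tempfile

# Constructed placeholder standing in for a PEM file; it is not a real key.
FAKE_KEY_PEM = (b"-----BEGIN PRIVATE KEY-----\n"
                b"constructed-placeholder-not-a-real-key\n"
                b"-----END PRIVATE KEY-----\n")


def key_mode(path):
    """Permission bits of a file (e.g. 0o600), with the file-type bits masked off."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_exposed(path):
    """True when group or world has any access bit set on the file."""
    return bool(key_mode(path) & (stat.S_IRWXG | stat.S_IRWXO))


def harden(path):
    """Clamp the file to owner read/write only (0600) and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return key_mode(path)


def deploy_demo():
    """Copy a 0600 key two ways.

    Returns (source_mode, naive_copy_mode, naive_copy_exposed,
             mode_after_harden, mode_preserving_copy_mode).
    """
    old_umask = os.umask(0o022)  # typical umask; pinned so the result is deterministic
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "server.key")
            with open(src, "wb") as f:
                f.write(FAKE_KEY_PEM)
            os.chmod(src, 0o600)  # the mode openssl gives a freshly written key

            deploy_dir = os.path.join(d, "deploy")
            os.mkdir(deploy_dir)

            # Naive copy: copyfile() writes a brand-new file with the default creation
            # mode (0666 & ~umask), so the key lands as 0644, readable by group and world.
            naive = os.path.join(deploy_dir, "server.key")
            shutil.copyfile(src, naive)
            naive_mode = key_mode(naive)
            exposed = is_exposed(naive)

            # Repair after the fact, which is what a deployment step should always do.
            fixed_mode = harden(naive)

            # Mode-preserving copy: copy2() (like cp -p) carries the 0600 across.
            preserved = os.path.join(deploy_dir, "server-preserved.key")
            shutil.copy2(src, preserved)
            preserved_mode = key_mode(preserved)

            return (key_mode(src), naive_mode, exposed, fixed_mode, preserved_mode)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    src_m, naive_m, exposed, fixed_m, preserved_m = deploy_demo()
    print("source %o, naive copy %o (exposed=%s), after chmod %o, copy2 %o"
          % (src_m, naive_m, exposed, fixed_m, preserved_m))
```

The practical takeaway is that the check belongs in the deployment step itself: run `is_exposed()` (or `find -perm /077` on the key directory) after every copy and fail the deploy if it fires, rather than trusting that the tool used to move the file kept the mode.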
This is leaning towards the security hinge point being just an attribute on a file.
Private keys should always be handled with extreme care.
If you are going to protect people who don't know anything about security with such a step, then you have a long way to go, as you can't always protect people from themselves.
Can this be automated?
If so, then there is probably a loophole access into that file.
If not, then you must login and provide that password every time it is required.