The contents of the config.inc.php file won't be displayed even if php stops working. The result will only be an error message. To make the server display php files as plain text you would need to both reconfigure the web server (edit Apaches http.conf file) and restart it.
The permission setting of 777 for config.inc.php might theoretically be a security risk if someone has shell access to the server, knows the location of the file, and that it is readable. Although this is highly unlikely, storing all the settings from this file, except the database parameters, in a database table would make it possible to set more restrictive permissions on the file. Since most other php scripts work like this, we will change it for the next release. It will also make the config.inc.php file much cleaner and easier to understand.