I think that the file is a bit outdated.
“Security issues around PHPlist.
November 2003”
Especially this point:
5. Run the website as an apache user who has no other permissions on your server, particularly
no write permissions in any of the documents of your website.