Comment 3 for bug 1814238

OK... there is at least one sequence that does this.

When you:
1. restore files to their original location and
2. some files in the backup are outside your $HOME and
3. you have no deja-dup cache files for the backup location (like on a fresh install)

In that case:
1. We write the encryption passphrase and/or network connection password to a file like /tmp/deja-dup-XXXXXX so that we can run duplicity as root using pkexec with those settings. (normally we pass those via environment variables, but pkexec strips those)
2. That file is only read/writable for the current user (mode 0600).
3. It is deleted when the restore is finished.

So, while not ideal, this doesn't strike me as a critical bug. Still though, we should consider ways to not do that.