After the unification of puppet roles/profiles for the stat100x hosts, users with different access levels can coexist on the same hosts (see https://wikitech.wikimedia.org/wiki/Analytics/Data_access), Practically it is not a big deal since most of the users are `analytics-privatedata`, but in theory a user with lower privileges could read PII/sensitive data downloaded by a `analytics-privatedata` user to their home directory.
The main problem is that the default permissions for the home dirs, `$username:wikidev`, are set by the puppet admin module and there is no way in the code to override this behavior.
The ideal situation would be that users on `analytics-privatedata` could have their home directory with permissions `$username:`$username:wikidev` and 750 (users need to share data among themselves).