Please explain the security implications. If you make the key readable only by some users then it requires more deployment-time setup to get things right.
The security implications vary, but generally private keys should be readable only by the processes that need them, to whatever degree is practical, and entropy that is used to generate a key should be considered roughly equivalent to the key itself.
This is not to say that leaving a private key world-readable is necessarily a horrible idea; it can certainly ease deployment, and there are always tradeoffs. But it does mean that this key is only as secure as your most vulnerable user account - including unprivileged user accounts running riskier services (unless they are genuinely sandboxed).
Making it readable only by a certain group is going to be better, security-wise, and shouldn't be too much more difficult, and so may generally be a better idea, but my key objection was that it sounded like a statement of policy: "we're only deriving keys from this, so we don't need to be careful with it" - which is bad policy without considering the protection needed by the specific keys. The article does talk about this some later on but not (IMO) clearly or generally enough.
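The group-readable setup discussed above, as an added example that is not part of the original comments or the article they refer to: it installs a key-derivation seed with the same care as a private key and audits the result. The function names, file names and the use of the current process's group as the reader group are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_gid=None):
    """List permission problems for a private key or the seed it is derived from."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner")
    if mode & stat.S_IRGRP and expected_gid is not None and st.st_gid != expected_gid:
        findings.append("group-readable by unexpected group")
    return findings


def install_secret(path, data, gid=None):
    """Create the file 0640 for one group (0600 if none), then write the secret."""
    mode = 0o640 if gid is not None else 0o600
    # O_EXCL refuses to reuse an existing file that may have looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        if gid is not None:
            os.fchown(fd, -1, gid)  # hand group ownership to the reader group
        os.fchmod(fd, mode)         # set the exact mode regardless of umask
        os.write(fd, data)          # secret is written only after access is set
    finally:
        os.close(fd)


def demo():
    """Constructed sample: a world-readable seed versus a group-restricted one."""
    gid = os.getgid()  # assumption: stands in for a dedicated key-reader group
    with tempfile.TemporaryDirectory() as d:
        loose = os.path.join(d, "seed.loose")
        with open(loose, "wb") as f:
            f.write(b"constructed-sample-seed")
        os.chmod(loose, 0o644)
        tight = os.path.join(d, "seed.tight")
        install_secret(tight, b"constructed-sample-seed", gid=gid)
        return (audit_secret_file(loose, gid),
                audit_secret_file(tight, gid),
                audit_secret_file(tight, gid + 1))
```
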