Awstats.pl editable by users

when awstats module is enabled, it creates cgi-bin/awstats.pl in every virtualhost. i am not sure if it is run by some module, but this file is writable by user owner, which can be security risk...