Again, this argument is bunk. If they're not supposed to be ran by
normal users, hiding them behind a path is no form of security. One can
just run the full path to it. If they're not supposed to be ran by
users, they should have correct permissions on them, or they should
check EUID of the caller before doing anything.