Is this really an issue considering that /tmp and a bunch of other directories are usually world-writable?
Coupled with the fact that .deb packages are just .ar archives, which preserve permissions of their members. After `debootstrap` begins its execution, APT unpacks packages in the chroot, with permissions and layout of the directories preserved.
