Oh and one more: The underlying /tmp (i.e. when not mounted) is now still 1777/drwxrwxrwt.
It might make sense to change that to e.g. 0755/drwxr-xr-x? Of course that would leave a defunct /tmp if the tmpfs is unmounted, but at the same time prevent accidental writes there. So it depends on whether it's still intended to have the non-tmpfs /tmp.