Hosting Provider risk concerns on writing to global.asax and web.config

My hosting provider send me the below message

Is it a risk do we need it for the setup and then change back the permissions??

Provider Message:

Hello

elektronio.gr write permissions has been enabled for
\App_Data\
\bin\
\Content\
\Content\Images\
\Content\Images\Thumbs\
\Content\Images\Uploaded\
\Content\files\ExportImport\


we have security concerns enabling write for the folder entire folder \bin\ and \plugins\
we also have secuirty issues with enabling write permission for the files global.asax and web.config

you understand by enabling about 75% of your website, specifically the bin folder and files

\Global.asax
\web.config


exposes your website to write access by hacker -
if your account gets flagged as hacked - you account/ website could experience immediate service interruptions


please confirm you understand the security concens and if another options exist
to protect your website from hackers



I hope we have answered your questions with satisfaction response

If you have more questions regarding this issue, or this issue continues to concern you, please do not hesitate to login to OccSupport Suite and update or re-open this ticket.

Otherwise - please create a new ticket if you have a new issue.

nopcommerce  need modify permission for  these 2 files at the time of installation only.  if the shared host provider does not give modify permission for these 2 files then just host it in the localhost ( iis) and browse. it'll ask installation. then give shared hosting database credential and install it. it'll create a database and tables. then copy the local files to your shared hosting server. it'll work fine.

The site needs write access to the web.config at all times because if you modify the SSL settings for the site, they get stored there.  Otherwise you need to modify the file manually.