diff --git a/bin/CryptoBoxRootActions b/bin/CryptoBoxRootActions
index 1e6350c..c11a88f 100755
--- a/bin/CryptoBoxRootActions
+++ b/bin/CryptoBoxRootActions
@@ -48,8 +48,9 @@ allowedProgs = {
 	"blkid":	"/sbin/blkid",
 	}
 
-## this line is necessary to run unittests - otherwise these tests are too strict
-# TODO: check this before every release!
+## this line is necessary for running unittests or playing around with a local
+## svn working copy - otherwise the security checks would be too strict
+# TODO: check this value before every release!
 OVERRIDE_FILECHECK = False
 
 DEV_TYPES = { "pipe":1, "char":2, "dir":4, "block":6, "file":8, "link":10, "socket":12}
@@ -112,10 +113,9 @@ def call_plugin(args):
 	if not os.access(plugin, os.X_OK):
 		raise Exception, "could not find executable plugin (%s)" % plugin
 	## check if the plugin (and its parents) are only writeable for root
-	## TODO: this doesn't work with cbx svn versions running by local user
-	## shouldn't we diable this while developing plugins?
-	#if not checkIfFileIsSafe(plugin):
-		#raise Exception, "the plugin (%s) is not safe - check its (and its parents') permissions" % plugin
+	## this can be overridden by OVERRIDE_FILECHECK
+	if not checkIfFileIsSafe(plugin):
+		raise Exception, "the plugin (%s) is not safe - check its (and its parents') permissions" % plugin
 	## check if the plugin is a python program, that is marked as a cryptobox plugin
 	if not checkIfPluginIsValid(plugin):
 		raise Exception, "the plugin (%s) is not a correctly marked python script" % plugin
diff --git a/bin/run_webserver.sh b/bin/run_webserver.sh
index 46527c7..f8a498c 100755
--- a/bin/run_webserver.sh
+++ b/bin/run_webserver.sh
@@ -12,6 +12,16 @@
 BIN_DIR=$(dirname "$0")
 BIN_DIR=$(cd "$BIN_DIR"; pwd)
 
+function disable_filecheck()
+{
+	sed -i "s/^OVERRIDE_FILECHECK = .*$/OVERRIDE_FILECHECK = True/" "$BIN_DIR/CryptoBoxRootActions"
+}
+
+function enable_filecheck()
+{
+	sed -i "s/^OVERRIDE_FILECHECK = .*$/OVERRIDE_FILECHECK = False/" "$BIN_DIR/CryptoBoxRootActions"
+}
+
 ## add the local python directory to the search path
 export PYTHONPATH="$BIN_DIR/../src"
 ## disable ssl detection
@@ -31,6 +41,13 @@ mkdir -p "$BIN_DIR/../ttt/settings"
 
 cd "$BIN_DIR"
 
+
+# disable strict security checks of CryptoBoxRootActions
+disable_filecheck
+
 ## run the webserver
 "$BIN_DIR/CryptoBoxWebserver" --config="$CONFIG_FILE" --pidfile=/tmp/cryptoboxwebserver.pid --logfile=/tmp/cryptoboxwebserver.log --port=8080 --datadir="$BIN_DIR/../www-data" "$@"
 
+# enable strict security checks of CryptoBoxRootActions again
+enable_filecheck
+