Magento2: File security warning message shown in dashboard

Created on 4 Jan 2016 · 9 Comments · Source: magento/magento2

I'm not quite sure why I'm getting this security notification when I log in to the admin dashboard (it would be nice if it was a little more specific):
"Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider."

My file ownership and permission settings are as follows:

  • All files and directories are owned by ubuntu and have the group of www-data
  • All directory permissions are set to 770 and files set to 660, except for...
  • In pub/static, directories are set to 775 and files set to 664 -- this change was needed in order to get assets to load on the front-end.

It seems to me that all of the sensitive files (e.g. those in app/etc) are configured correctly.

Why am I still seeing this warning message?

needs update

All 9 comments

@brendanmckeown What are the permissions on /app/etc? Are you using Nginx or Apache?

@piotrekkaminski
Using Apache (2.4.18), app/etc has the same perms as the others, directories are 770 and files are 660.

I have exactly the same problem! Have you found a solution?

I have the same problem, with files at 664 and directories at 755. The root folder (public_html) has 755 as well.

This message eventually went away on its own, without me changing any file permissions. I'm now running 2.0.2.

I have the same problem on Windows. To solve it, what I did is disallow access to /app/etc/config.php. You have to create .htaccess and add the following code into it.

Order deny,allow
Deny from all
RewriteRule ^(.*)config.php$ - [F,L]

To fix the message "Your web server is set up incorrectly and allows unauthorized access to sensitive files. Please contact your hosting provider":
1) ssh - Run the following command from your root account.
chown -R accountuser:accountusergroup /path-to-root-folder/

2) ssh - Run the following commands from the domain account user (not your web server account such as apache etc).
find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento
chmod -R g+w /path-to-root-folder/{pub,var}
chmod -R g+w /path-to-root-folder/{app/etc,vendor}
chmod -R g+s pub/static pub/media .
find var/generation -type d -exec chmod g+s {} \;
find var/session -type d -exec chmod g+s {} \;

3) ssh - Run the following commands from your root account.
chown -R domain_account_user:webservergroup /path-to-root-folder/var
chown -R domain_account_user:webservergroup /path-to-root-folder/app/etc
chown -R domain_account_user:webservergroup /path-to-root-folder/pub
chown -R webserverUSER:webservergroup /path-to-root-folder/var/session

This will fix this error and many other errors. Note: disable SUPHP when using Magento 2, you will save yourself a lot of headache.
Currently I'm running mod_mpm_event with ea-apache24-mod_cgid and PHP 7 and ea-php70-php-fpm.

I had my Magento 2 running with just mod_mpm_event with ea-apache24-mod_cgid and PHP 7 before I added PHP-FPM.

If you are running cPanel/Apache and you don't want to use EasyApache to move to mod_mpm_event + ea-apache24-mod_cgid, you can use the shell from ssh.
Run the commands below from ssh.
yum shell
remove ea-apache24-mod_mpm_worker
remove ea-apache24-mod_cgi
install ea-apache24-mod_mpm_event
install ea-apache24-mod_cgid
run
quit

Here are the permission sets I ran on Nginx, and I am still getting the dashboard warning error, please help:

Update permissions:

sudo find var vendor pub/static pub/media app/etc var -type f -exec chmod u+w {} \;
sudo find var vendor pub/static pub/media app/etc var -type d -exec chmod u+w {} \;
sudo chmod u+x bin/magento

sudo find . -type d -exec chmod 770 {} \; && sudo find . -type f -exec chmod 660 {} \; && sudo chmod u+x bin/magento; sudo chmod -R g+w /var/www//{pub,var}

update the permission to write:

sudo chown -R :www-data .

Generate the content

sudo php bin/magento setup:static-content:deploy

vendor/magento/module-admin-notification/Model/System/Message/Security.php

This file always uses a server curl POST to check whether the file http://domain.com/app/etc/config.php can be accessed or not; if it receives 200 OK, then the notification bar will be shown.
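
The check described in the comment above can be replayed outside the admin panel to confirm whether a permission or .htaccess change actually altered what the web server answers. This is an added example, not Magento's code or any commenter's; the function names, the use of POST (taken from the comment) and the local stand-in server are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SENSITIVE_PATH = "app/etc/config.php"  # path named in the comment above
# Ignore proxy environment variables so the probe reaches the server directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe_status(base_url, path=SENSITIVE_PATH, method="POST", timeout=5.0):
    """Return the HTTP status for base_url/path, or None if unreachable."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    data = b"" if method == "POST" else None
    req = urllib.request.Request(url, data=data, method=method)
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 403, 404, ... are still answers
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def warning_expected(status):
    """Per the comment: the notice appears only when the file answers 200."""
    return status == 200


def make_test_server(deny):
    """Constructed stand-in web server; deny=True mimics 'Deny from all'."""
    class Handler(BaseHTTPRequestHandler):
        def _reply(self):
            blocked = deny and self.path.startswith("/app/etc/")
            self.send_response(403 if blocked else 200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_GET = do_POST = _reply

        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port


if __name__ == "__main__":
    for deny in (False, True):
        server, base = make_test_server(deny)
        status = probe_status(base)
        print("deny=%s status=%s warning=%s" % (deny, status, warning_expected(status)))
        server.shutdown()
```

Pointing `probe_status` at your own store's base URL shows the status the web server returns for the file, which is independent of the 770/660 filesystem modes discussed earlier in the thread.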
