There is a lot of sensitive info in /var/run that shouldn't be readable by "any" user.. pid files etc
And you certainly don't want write access there for "nobody" user to place fake files..
/var/spool/mail has email content.. read access isn't such a problem as the files have correct permissions, but world write access will allow possibly damaging files to be placed there..
Usually 755 is a better permission for /var & subdirectories..
Does bbclone still request 777 if it is run as "root" ?
I don't have these problems running mirrordir