It depends, I know with the host I'm on, if I create a directory and want a script to be able to write to it, it needs to be chmod 777, which causes security issues. This may or may not be the case on your host, but I'm guessing it is (you can start with the lowest chmod that will allow writing and go up to 777 and see which one works or ask your host).
PHP is executed (in my environment anyway) under the user "nobody" and group "nobody" so the only way it can write to a file that is not owned by "nobody" or group accessible by the group "nobody" is with world-writable, so my solution was to have the back-up script I use, WP-DBManager, which I set to write to a directory that was above www document root, so it is not accessible from via URI and that is set as 777. Technically it is still writable by the world, but since it should not be accessible via URI, on people on the server can write to it and my server is set-up in "jail-cells" which seems to mean it would be difficult to get access to it from outside my account. This is the best solution I came up with besides having the script create the directory and having it 755.
Take prudent measures with permissions, but I think in the end, if someone really wants to hack you, they'll figure out a way. I'm sure there is an easier/better way, but I just don't know what that is!