DocumentRoot /var/www/piwik
upload_tmp_dir /var/www/piwik_tmp (0700)

phpsecinfo.com says "Pass
upload_tmp_dir is enabled, which is the recommended setting. Make sure your upload_tmp_dir path is not world-readable
Current Value: /var/www/piwik_tmp/
Recommended Value: A non-world readable/writable directory
More information »".

SecurityInfo says "unable to retrieve file permissions on upload_tmp_dir".

So the SecurityInfo does not check the return-codes/-infos from phpsecinfo.com properly or the implementation differs from phpsecinfo.com. This is confusing and should be corrected and more documented for minimum debugging purpose. Thanks.