Symbian platform security protects applications from each other by only allowing an application to automatically access its own data and settings. If the data is stored on a file/per application basis then this is stored in a private directory that can only be accessed by the application by default. If the data/settings are stored in some sort of shared repository, then the repository provides an API which checks whether the application has a right to access the data, based on its secure identifier.

QSettings appears to be stored in a public area, which means that any application can affect the data of any other application. On the Symbian platform I would expect that either:
a) QSettings would be stored in an application specific manner in its private directory, or
b) QSettings would be stored in the central repository, or
c) QSettings would check the SID of an application accessing the file, and only let it change/read settings associated with the process SID.