According to the dump(8) man page, the .snap directory should have 0770 permissions, but after running newfs and mounting a UFS file system, the .snap directory permissions are 0777.
I looked at the code, and after a newfs the permissions are 775. I validated this in the source code for newfs, that it creates the inode with permissions 755|020. The 755 is hard coded into mkfs.c.
I'm not sure how it is coming out as 777 in your case, as this code hasn't changed since 2005.
The comment in the dump man page isn't entirely correct; it should be at least 050 (that is, owned by root, group operator, and readable+searchable by the group).
We could also change the newfs/mkfs.c code to use a more restrictive mode.
dump(8) doesn't check permissions on .snap, only that it exists and is a directory.
As email@example.com says though, src/sbin/newfs doesn't have code that could create a .snap with mode 0777 so unless the submitter can give us a test case to reproduce then this could be closed.