Typically (almost invariably, I suspect), the PHP process runs in a different user account and group to the user who owns the directory. Thus, the permission has to be xy7 (where x is the owner's permission, y is the owner's group's permission, and 7 is the "everybody else" permission).
Now, of course, PHP has to be able to read the directory contents, and write to them. Hence that means it needs to be set to '7'.
Note, of course, this does not mean that anyone in the world can edit or view these files: only users logged in to the server.