Update: I've managed to create a crontab entry, which copies a modified version of afp.conf to /etc/netatalk every 5 minutes (I wish I could just copy it once and be done with it, but I am not sure how to instract crontab to run the copy only once).
However, I strongly believe that this is a very serious issue, that Western Digital should address. It is crazy, for a consumer device, to need you to ssh to it, change the permissions manually, change the afp.conf file manually, and change ubi0_0 manually in order to set the NAS up, so that it sets safe permissions to whatever you copy to it. I have been using afp to mount disks from several different systems (including an Apple Server, a Centos-based server, an ancient Synology Cube station etc) all these afp implementations maintain the permissions of files copied, as they were in the original disk. So I have to assume that WD's afp implementation is faulty.
Thanks are due to the participants of this discussion, for offering me the guidance to -somehow- fix a sever security issue affecting my MyCloudMirror device.