The user owns their home directory, hence they can change the modes as per their needs.
One way to remedy this is to run a periodic QA kind of script that reports on the users' home directories that are "world-readable/writable". We do this in our environment about once a quarter and send this out to the respective team managers. The onus then shifts to the managers of the application teams to ensure that their team members follow our recommended guidelines. This also helps us from an audit perspective: fewer last-minute remediations.
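
One way such a periodic report could be scripted, as an added example that is not part of the original post. The function names `audit_homes` and `has_perm`, the UID 1000 cutoff for regular accounts, and the `user:home:finding` output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report home directories whose
# "other" permission bits allow read and/or write.

# has_perm DIR OCTAL -> succeeds if every bit in OCTAL is set on DIR.
# -H makes find follow a symlinked home so the real directory is checked.
has_perm() {
    [ -n "$(find -H "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_homes PASSWD_FILE [MIN_UID]
# Reads passwd(5)-format lines and prints one "user:home:finding" line
# for each offending home directory.
audit_homes() {
    passwd_file=$1
    min_uid=${2:-1000}   # assumption: regular accounts start at UID 1000
    while IFS=: read -r user _pw uid _gid _gecos home _shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -ge "$min_uid" ] || continue          # skip system accounts
        case $home in /*) ;; *) continue ;; esac       # absolute paths only
        [ -d "$home" ] || continue                     # home may not exist
        finding=
        if has_perm "$home" 0004; then
            finding=world-readable
        fi
        if has_perm "$home" 0002; then
            finding=${finding:+$finding,}world-writable
        fi
        if [ -n "$finding" ]; then
            printf '%s:%s:%s\n' "$user" "$home" "$finding"
        fi
    done < "$passwd_file"
    return 0
}

# Usage on a live host (getent also covers directory-service accounts):
#   getent passwd > /tmp/passwd.snapshot && audit_homes /tmp/passwd.snapshot
```

The output can be sorted or grouped by team before it is sent out, and an empty report gives a clean record for the audit file.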