Is it possible to make the personal folder only readable for the owner?

Context

  • Plone 5.2
  • Python3

Use case

I want a group of users, namely the students of our university department, to be able to only read their personal folders since:

  • I don't want them to be able to store anything on the site,
  • but I want them to be able to read the details of their scores at the exams that I plan to upload on their personal folder.

Current behavior for such a user, say "John Doe" (john-doe)

In .../Members/john-doe/@@sharing, if:

  • "Inherit permissions from higher levels" is disabled,
  • permissions for John Doe:
    • "Can view": enabled
    • "Can review": disabled
    • "Can edit": disabled
    • "Can add": disabled

it turns out John Doe is still able to add pages, files, news, etc. in his personal folder.

Question

Is it possible to make the personal folder only readable for the owner?

By default the personal folder is a normal folder with its default workflow. Making an item private is one way, but maybe not what you want. To make its permissions different from the default (whatever permission you need), you best assign a custom/different workflow to these folders.

One way is to duplicate the portal-type (FTI) of this folder and create a custom one (like MyMemberFolder) and assign it to be used as the type for member-folders in ZMI in portal_membership (or in code with api.portal.get_tool('portal_membership').setMemberAreaType('MyMemberFolder')).

The other way (never tried it, but should be simple) is to utilize CMFPlacefulWorkflow (which is part of the Plone Distribution) and configure it to apply custom permissions using your own simple workflow for everything under /Members.

notifyMemberAreaCreated is automatically called on creating the Memberfolder. You could leverage that to run code that disables inheriting permission on the Memberfolder, leaving only the Owner with Permissions. See Products.PlonePAS.tools.membership.MembershipTool.createMemberarea for the code that calls it. I think it was mostly intended for Python-Scripts in acl_users, which is kinda ugly.

Otherwise you could use an event handler that listens on IObjectAddedEvent and checks if the container is /Members and does that change there.

On the other hand I also like @jensens' idea to change the memberarea_type and use a custom workflow.

Thanks for your suggestions (sigh, not that easy for me :woozy_face:), I'll look at them.

Just note that I don't want all the members to have on their personal folders only read permission: it must be the case only for the members of a given group (here the "Students" group) and e.g. the members of the "Teachers" group should have all permissions on their personal folders.

Not a problem with additional roles and a workflow. The Zope/Plone user/group/role/permission system is very powerful.
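
A sketch of the hook-based approach from the replies, limited to the "Students" group as the follow-up asks. This is an added example, not code from the thread or from Plone. It assumes it runs after the member area has been created (for instance from the notifyMemberAreaCreated hook) and that the caller passes in the user's group ids. The function name, the READ_ONLY_GROUPS constant and the FakeFolder stand-in are hypothetical; the four folder attributes it touches are the standard Zope/Plone ones.

```python
# Added example: names below are illustrative, not part of Plone.
READ_ONLY_GROUPS = frozenset({"Students"})  # group named in the thread


def restrict_member_folder(folder, userid, group_ids,
                           read_only_groups=READ_ONLY_GROUPS):
    """Swap the user's Owner local role for Reader on their member folder.

    Returns True if the folder was restricted, False if left untouched
    (e.g. for members of "Teachers", who keep full rights).
    """
    if not read_only_groups.intersection(group_ids):
        return False

    # Drop every local role the user holds here. The Owner local role is
    # what still lets them add content when only "Can view" is ticked.
    folder.manage_delLocalRoles([userid])
    # Reader is the role behind "Can view" in @@sharing.
    folder.manage_setLocalRoles(userid, ["Reader"])
    # Same flag that unticking "Inherit permissions from higher levels" sets.
    folder.__ac_local_roles_block__ = True
    # Update the catalog's security index for the folder and its contents.
    folder.reindexObjectSecurity()
    return True


class FakeFolder:
    """Constructed stand-in so the logic can be exercised without a Plone site."""

    def __init__(self, owner):
        self.local_roles = {owner: ["Owner"]}
        self.reindexed = False

    def manage_delLocalRoles(self, userids):
        for uid in userids:
            self.local_roles.pop(uid, None)

    def manage_setLocalRoles(self, userid, roles):
        self.local_roles[userid] = list(roles)

    def reindexObjectSecurity(self):
        self.reindexed = True
```

After the change, check the result in .../Members/john-doe/@@sharing: the student should appear with "Can view" only, and adding content should be refused.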