If you still want to try without it, use chmod g-s /home/tc. setgid is set in tc-config if you want to remaster it, although it may be easier just to add the chmod line in bootlocal.sh.
I don't think umask wouldn't affect this, iirc. Is there a reason why you don't want setguid btw?
How the files in /home/tc are accessed after creation depends on the umask. Currently it's set to 0022, so read access is granted to 'others'. This suggests that whether or not setgid was used, the same RO permissions should apply.