Jenkins runs external processes such as CVS, Ant, Make and so on,
whose path is configurable from the web menu system.

Please make very sure to enable login restriction under Manage
Jenkins -> Enable Security if your server is reachable from any
(untrusted) network! If you only run it on localhost, be sure to
block access to the HTTP port using pf(8).

Take these steps before you start the server the first time!

See more information at
http://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins