Mac OS X is based on BSD and by default does not have any services running, which makes it reasonably secure out of the box. One of the major differences between Mac OS X and the original BSD is the way Mac OS X handles some system information: for example, the password file in /etc is present but not used. Such data is managed through NetInfo instead. However, NetInfo enables local users to obtain sensitive information about other accounts present on the system (usernames, passwords, UIDs, etc.).
The /var/backups directory contains sensitive information about the operating system. This directory is not protected with adequate security settings, allowing anyone with local access to read its contents. Further, the programs nireport, nidump and netinfo are executable by any local user, and they provide sensitive information on your security settings and user accounts.
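
A permission audit for the two conditions described above, as an added example that is not part of the original advisory. It assumes a POSIX shell, resolves the tool names through PATH (their install location is not given on this page), and inspects mode bits only; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag world-readable backup entries and world-executable
# NetInfo tools. Usage on an affected host (assumed invocation):
#   audit_netinfo_exposure /var/backups nireport nidump netinfo

# Print every entry under DIR (DIR included) whose mode grants read to "other".
world_readable() {
    [ -d "$1" ] || return 0          # a missing directory is not a finding
    find "$1" -perm -004 -print 2>/dev/null
}

# Succeed if FILE exists and its mode grants execute to "other".
world_executable() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm -001 -print 2>/dev/null)" ]
}

# audit_netinfo_exposure BACKUP_DIR TOOL...
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_netinfo_exposure() {
    backup_dir=$1
    shift
    found=0

    readable=$(world_readable "$backup_dir")
    if [ -n "$readable" ]; then
        printf '%s\n' "$readable" | sed 's/^/WORLD-READABLE: /'
        found=1
    fi

    for tool in "$@"; do
        case $tool in
            */*) path=$tool ;;                                    # explicit path
            *)   path=$(command -v "$tool" 2>/dev/null) || continue ;;  # not installed
        esac
        if world_executable "$path"; then
            printf 'WORLD-EXECUTABLE: %s\n' "$path"
            found=1
        fi
    done

    return $found
}
```

A non-zero return means at least one path is accessible to every local account; each output line names the path to review.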