[squeak-dev] [CI] Security

Casey Ransberger casey.obrien.r at gmail.com
Thu Jun 23 22:19:37 UTC 2011


A friend of a friend passed along a valid concern today: Hudson/Jenkins can run arbitrary shell commands. 

People all over the place are running public Hudson servers, so I don't think this is necessarily of *great* concern; I mean, we can probably just run it in a chroot jail and call it golden.

That said, while I've set up several different CI solutions for internal use by software teams, it was always behind a corporate firewall. This will be my first world-facing adventure with continuous integration. 

I think this is worth talking about. Does anyone here have any experience to share that we can potentially learn from?

