If enabled, you have to login with a username and a password that has the "admin" role before changing the configuration or running a new build (look for the "login" link at the top right portion of the page). Configuration of user accounts is specific to the web container you are using. (For example, in Tomcat, by default, it looks for $TOMCAT_HOME/conf/tomcat-users.xml)

If you are using Hudson in an intranet (or other "trusted" environment), it's usually desirable to leave this checkbox off, so that each project developer can configure their own project without bothering you.

If you are exposing Hudson to the internet, you must turn this on. Hudson launches processes, so insecure Hudson is a sure way of being hacked.

For more information about security and Hudson, see this document.