Cross-site request forgery (CSRF or XSRF) is an exploit that enables an unauthorized third party to take actions on a web site as you. In Hudson, this could allow someone to delete jobs or builds, or to change Hudson's configuration.

When this option is enabled, Hudson will check for a generated nonce value, or "crumb", on any request that may cause a change on the Hudson server. This includes any form submission and calls to the remote API.
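
The crumb check described above, sketched as an added example; this is not Hudson's own code. The HMAC-over-session-id derivation, the `crumb` field name, the set of read-only methods and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout; this is not Hudson's crumb implementation.
SERVER_SECRET = secrets.token_bytes(32)    # per-server secret, never sent to clients
CRUMB_FIELD = "crumb"                      # assumed name of the form field
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumed not to change server state


def issue_crumb(session_id: str) -> str:
    """Derive the crumb for one session; the server embeds it in every form it renders."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str, session_id: str, params: dict) -> bool:
    """Reject state-changing requests that do not carry the session's crumb."""
    if method.upper() in SAFE_METHODS:
        return True
    supplied = params.get(CRUMB_FIELD, "")
    expected = issue_crumb(session_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def demo() -> dict:
    """Constructed requests: one genuine form post and three that lack a valid crumb."""
    user, other = "session-A-constructed", "session-B-constructed"
    crumb = issue_crumb(user)
    return {
        "read_only": is_request_allowed("GET", user, {}),
        "genuine_form": is_request_allowed("POST", user, {"crumb": crumb, "delete": "job1"}),
        # A cross-site page can trigger the request but cannot read the crumb to include it.
        "missing_crumb": is_request_allowed("POST", user, {"delete": "job1"}),
        "wrong_crumb": is_request_allowed("POST", user, {"crumb": "0" * 64}),
        "other_sessions_crumb": is_request_allowed("POST", user, {"crumb": issue_crumb(other)}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

Binding the crumb to the session means a value issued to one user is rejected when it arrives with another user's session.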

More information about CSRF exploits can be found here.