Due to data loss from another agency here at the State of Utah, there has been a huge push to increase security.
Soon, by default new server machines are isolated on the network. They can't talk in or out even to other machines on the network without explicit permissions granted in the firewall.
I would be nice to have in the documentation wiki a single page that deal with network communication (Ports used, who talks to who) and authentication issues for security. For example by default the passwords for the site are sent using HTTP (Clear Text).
I would think that for security purposes (Especially if you use LDAP) that the configuration is the recommended configuration would be to use HTTPS. This does not need to be done by the installation because certificate management is a pain, but it might be nice to see documented.