the world as i know it.

Every effort is made to have each version of Apache Tomcat to ship with a system of reasonable defaults for security purposes. This means that the standard defaults for the security settings are reasonably secure—it is not as secure as it could be, but not horribly insecure either.