If you're using Tiger

Then go and read Macworld: News: Dashboard: Widget (In)Security

Here's a taster to scare you enough to read the advice there:

Widgets are owned by the user, and can do anything that a user can do. For instance, they can remove files from your home directory without asking permission. They can run anything from the command line that a user can. They can call any AppleScript that a user can. If you’re now starting to get a little nervous, you’ve got the right idea.

[Read the comments below my post too as this may be less of a threat than I thought]