Zookeeper authentication and authorization would help improve Giraph security. A Giraph job's interaction with Zookeeper happens within a job-unique Zookeeper directory. This Zookeeper directory should be secured against unauthorized access.
Zookeeper provides security through per-user authorization and SASL authentication. We should have Giraph jobs use SASL to authenticate themselves with Zookeeper and, upon authentication, set appropriate permissions on the Zookeeper job directory.