The security section in the HBase book only talks about using Kerberos. There is a simple user access mode too that is not documented.
This should be documented for development systems and HBase installs where security is not an issue, but they want to prevent user mistakes.
I've added a section to the security chapter that talks about simple user access. The new section makes it very clear it is not secure.