One problem you should be aware of is the fact that one of the boinc component programs (don't remember if it's boinc or boincmgr) generates loopback "traffic" once a second. Some firewall software - like Zone Alarm - reports this as internet traffic when in fact it isn't. I've never liked this aspect of boinc but there are legitimate reasons for it. Supposedly the newest version of Zone Alarm allows you to ignore loopback traffic (packets sent to and from 127.0.0.1) but I have the latest paid version and haven't been able to find it. Unfortunately this is a permanent feature of boinc so when you tell people about the program, be sure to warn them that this behavior is harmless albeit annoying.

If ultra concerned over safety you can add <suppress_net_info>1</suppress_net_info> to the <options> section of the BOINC cc_config.xml file. This is the description in the wiki:
After applying this, my device name changed on WCG My Device Statistics and Result Status pages to just show the Device ID assigned by WCG like 123456. This number is different for each project attached to, so x-corellation is further hampered for the outsider. IP addresses were never visible at WCG, but at other projects the result is indeed that these disappear. e.g.
As can be seen the internal net IP and Domain name are gone. The ISP IP address is dynamic anyway for most, so though it shows it's only valid for as long as not refreshed/renewed.

As for firewalls mentioned, I've added BOINC.exe to a rule with the IP addresses of the projects I'm attached to. e.g. WCG is IP 129.33.89.133+134 (in addition to the loopback localhost address 127.0.0.1). This way, if ever a project moves or goes rogue or a hacker were able to steal the url and redirect, would it have an added problem to overcome (unless the dns server would get poisoned too).

Recommended is to only use BOINC downloaded from a trusted source, speak the WCG download page or directly from Berkeley developers.

Added: Note that this "suppress" feature disables the recognition of the host when reinstalling a client!

There's on option to stop the new attaching of projects.

Added: This <disallow_attach>1</disallow_attach> is the <options> line to add to the cc_config.xml to block any additions or re-attaching

We are discussing two kinds of projects. World Community Grid projects, and BOINC projects. The entire World Community Grid is a single BOINC project.

Within that single BOINC project, WCG have a number of active research projects. They have all been security audited by IBM, and have all the security features that World Community Grid provide.

Other BOINC projects come in all shapes and sizes, and can be started by anyone. Some are from respected institutions, others are just started by some guy somewhere. They have varying levels of security, and I fully respect companies that want to block such projects entirely.

BOINC projects can't attach themselves, but unless BOINC is installed properly, it may be possible for your users to add other BOINC projects that weren't authorised by the company. The option Sekerob described is for this situation.