the answer
Well if you must know the gory details (apologies for any errors).
In the underpinnings of your typical unix system there is a concept of users and a concept of groups. There is an account called "root" who belongs to a group called "administrator" with the power to do anything on your system. In the old days of pre Windows NT and Mac OS 9, this sounds like your typical windows/mac user but on multi-user systems, this sounds sort of scary. Now access control is done by changing your username to "root" with the command "su root -" (su = super user) and hacking away as a different user who now has access to everything.
This wasn't fun because now everyone has the root password. Unfortunately "groups" are not "roles" so there are some limitations, but it made a passable "next best thing". This "thing" is to create a group called "wheel" which users could belong to. Now instead of "su root -" one types "sudo <command>" (sudo = "do as super user") and then the OS prompts the user for their password if they are member of this wheel group and executes it "as root" (if they are not a member of this group, they are not prompted and can never access as root). Thus the system administrator account ("root") is locked out, but you can still do things "as root" if you are a member of a special group.
The major security issue fixed here is that now when a user no longer is an administrator you don't have to generate a new root password and provide it to everyone. Another security issue is that the username "root" is now inaccessible to remote hack attempts, so a dictionary attack on that account is going to fail.
The rough Mac OS X equivalent here is obvious. You don't see the System Administrator in the Accounts Preference pane (though if you look under /users/ you'll see the user as "root" in NetInfo Manager). Instead an "Admin" in your Accounts basically does the equivalent of assigning the user as part of the "wheel" group.
I say equivalent here because I don't understand this NetInfo management stuff that was inherited from NeXT and is part of OSX. This is being replaced with LDAP the same way AppleTalk is being replaced by Rendevous and TCP/IP. To the end user it makes no difference, but to a unix hacker, you may sometimes run into some strange effects. For instance if you "cat /etc/groups" you'll notice that only "root" is a member of the "admin" and "wheel" groups, but when you look in NetInfo manager you'll notice that you and your fellow admins are a member of both groups (while root isn't a member of the wheel group). Weirdness!
I hope this helps,
terry
Once more without the technobabble! If I created a hyperlink on my webpage that points to "ssh://rm -rf /*" (or somesuch) and you clicked on it in 10.2 pre-update it cannot remove EVERY file on your hard drive (only the ones owned by you which very often is most of /Applications and your entire /Users/username/ directory). And, if I changed this to a like like "ssh://sudo rm -rf /*" it would prompt you for your administrator password first, thus saving you from your own stupidity. The idea of some nut creating hyperlinks that look like normal hyperlinks but start deleting your entire hard drive or creating accounts or opening up security holes on your computer simply by you clicking on them is not very appealing.
The proper thing to do, was never allow such a bug to exist, which is exactly what Apple fixed with this update. This means "web location files cannot execute arbitrary commands in Terminal" with the assumption that "Terminal" is what is run when your browser sees "ssh:" and "telnet:", of course Apple can't be expected to fix every bug in every 3rd party program, so we'll assume you have the Apple provided defaults of having Terminal as the Helper program for these URLs.
BTW, you can modify this with a freely available program called "More Internet" preference pane.
Also before Jaguar (I believe) Terminal didn't understand the "ssh:" or "telnet:" URLs so this wasn't an issue.