Here are some hints and remarks on security in moregroupware.
Check the rights on your installation files and folders. Some hints on this are given in the long version of the installation instructions.
There is no need to worry about the sess_* files in your webserver's /tmp directory, as long as these files are only readable by the user your webserver runs as. You don't need to delete them as well, PHP will do this automatically with a given probability after a sessions expired. See the PHP manual for more information.
You might want to delete the setup/ folder after successfully installing your installation of moregroupware.
Think about the scripts in the scripts/ folder of moregroupware, some might give others the possibility to gather information about your system, you would rather like to keep private (e.g. systeminfo.php). You may want to restrict access to this folder or move it elsewhere. If you don't need it's contents, you can safely delete it.
If you use moregroupware outside of a closed network environment, consider using SSL. moregroupware is completely SSL-transparent, i.e. you can use it without any changes on an SSL-enabled webserver.
We are trying hard to make the moregroupware code itself as secure as possible, by checking all input data, etc. This work is still progressing, so be aware of those (low) risks.