How does it work?

The security is file based as everything in Executor. If the security is on, the job descriptions that you submit are signed (gpg --clearsign) and the host that tries to execute a job description will verify that the signature is valid (gpg --verify). A valid signature means that the host has the public key of the signer.

Do I need it?

No, if you are running Executor in a controlled environment where you are the only user of your computers, or: the only user of a given user account under which you run Executor. Otherwise probably yes. Think about it: Executor runs as "you". You will want to copy files from one computer to another, delete files or execute tasks. You not want your neighbour to copy/delete your files.
But a statement like "without security anybody can access my computer" is wrong. Executor is based on shared/synced directories. Only people/computers that can write in those shared directories can operate Executor. The security is an extra layer to implement a policy "even if we share a drive, I shall not let you see my home directory"."

How do I use it?

You need the (i) gpg program, then (ii) you'll create a key pair, then (iii) you'll share your public key among the hosts where you want to execute your programs.

(i) The gpg (Gnu Pretty Good Privacy) is available for most platforms. If you are using Linux, you probably have it already. For Windows, please install http://www.gpg4win.org/, and for OSX https://gpgtools.org/.
The command that we use for Linux is simply "gpg". Windows and MacOSX packages seem to install a shortcut that has the same name, so the comand is the same for all the platforms.

(ii) You can create a private/public key pair by a GUI in Linux/Windows/OSX, but for the sake of simplicity, here's the command line.

gpg --gen-key
We assume below that we create here a key for person "Executor Demo".

(iii) The goal is to get someone (Executor in another computer) to recognize you as a signer of a job description. The method is to add your public key in their "keychain" i.e. the list of trusted keys. We do this by extracting the key here and then adding in the other computer: 

gpg --output executor.gpg --armor --export "Executor Demo"
gpg --import executor.gpg