When you run “pt-agent --install”, the configuration file it creates, /etc/percona/agent/my.cnf, will contain the username and password of a user with SUPER privileges. While this is necessary for the agent to function, the file and path to it are WORLD READABLE. This is NOT necessary. This means any user on the system will be able to access your database with this user account.
You should immediately change the permissions on the file to something more restrictive, like 0600. You can also set the permissions on the path to it (/etc/percona/agent) to something more secure, like 0700. If you installed the agent as a non-root user, the path may or may not be different.
I filed a bug #1306326 for this on 11 April but Percona has not responded.