Your backup will work properly despite this warning 
You got to this page because Akeeba Backup detected that you are using the default backup output and / or temporary directories. This page will inform you on the potential pitfalls and security concerns of the default configuration, as well as how to secure your installation.
Do note that your backup will work properly even if you do nothing to make this warning disappear. Using the default directory is not an operational issue, it's a friendly security paranoia tip.
What's in the temporary / backup directory and why should I care?
The temporary directory files holds database dumps (.sql files), while the database dump step is running and a "memory" file, which allows Akeeba Backup to span the backup process between multiple steps without timing out. They are deleted upon proceeding to the next step, if the process ends with catchable errors or when a new backup is started (if the previous backp attempt failed). If the backup fails with a PHP fatal error, these files remain in place. A malicious user with access to those files could steal proprietary / restricted information and/or security data by examining these files.
On the other hand, the backup output directory contains backup archives. Some of them are complete archives, some of them could be incomplete (because the backup process failed at some point). Any backup file contains all of your site, including database contents and database connection information. A malicious user with access to those files could do everything and, what's more, produce an exact clone of your site to a server of his liking in order to explore new ways to attack your live server.
Why is using the default directories bad?
As said, a malicious user must have access to the temporary / backup files in order to exploit their contents. The default directories assigned to the backup output and temporary directory settings are in a well known, browser accessible location. This opens a potential attack vector, unless you take action.
How can I protect myself?
Alternatively, you can use a directory above your server's root, effectively not allowing anyone access it from a web browser. The downside is that if you are restricted by open_basedir restrictions and / or PHP Safe Mode settings you might not be able to use it to backup your site. If you are obliged to use a folder under your web server's root you are strongly advised to disallow direct web access to this directory. If your server supports .htaccess files this can be easily accomplished by creating an .htaccess file on your backup output and temporary directories with the following contents:
deny from all
