It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

Slave2Master security constructs whitelists using patterns. BTW, a pattern for the BUILD_DIR presumes that its's being always stored in JOBS_DIR/builds . If somebody configures other path using Jenkins Advanced options in Global configs, the whitelisting won't work properly.