Description of problem:
The default /etc/sudoers currently contains the following secure_path setting:
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Not only is this duplicating the paths (since UsrMove), but also, most crucially, the /usr/local/* paths are missing. Hence, it is not possible to use binaries in /usr/local. (The /usr/local paths should also come first to allow overriding system binaries with newer or modified versions in /usr/local. But sudo doesn't even search /usr/local at all.) Please note that /usr/local is only writable by root and thus perfectly secure. Please change the setting to:
Defaults    secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

Version-Release number of selected component (if applicable):
sudo-1.8.21p2-1.fc2[5678]

How reproducible:
Always

Steps to Reproduce:
1. sudo sh -c 'echo "$PATH"'
2. Compare with su - -c 'echo "$PATH"'

Actual results:
The output of step 1 is just "/sbin:/bin:/usr/sbin:/usr/bin", not honoring /usr/local. The comparison step 2 outputs a sensible path.

Expected results:
Step 1 outputs a path equivalent to step 2.

Additional info:
kdesu misbehaves similarly, I filed bug #1506422 for that, and I found this bug while debugging that.