The default /etc/ntp.conf specifies a key file and key IDs for all three sorts of keys; the default key file contains default/sample keys. The net effect is that a NTP server started without commenting out this section of the ntp.conf file will allow anyone on the Internet who knows the default /etc/ntp/keys contents -- ie most everyone who can read an RPM file somehow -- to perform remote control of the NTP daemon. This allows anyone on the Internet to control the local clock (delete all the configured peers, add a set of peers under your control that feeds the target system bogus time), among other things. I strongly urge RedHat not to ship an /etc/ntp.conf with keys enabled. With the requestkey, controlkey, and trustedkey statements commented out, the daemon will not allow this remote control. (I would suggest commenting out the line that specifies a key file too.) I'd also suggest a strong comment in both files that one should NOT use the default values, so people aren't tempted to just uncomment things and run that way.
Done