A user account that is used by application pools or services must have permissions of a domain user account and must not be a member of the Farm Administrators group or a member of the Administrators group on the local computer. Using highly privileged accounts for application pools or services poses a security risk to the farm, and could allow malicious code to execute.
The Farm Account, which is used for the SharePoint 2010 Timer service and the Central Administration site, is highly privileged and should not be used for other services on any computers in the server farm. Services in the farm were found to use this account.