Are you sure it is /etc/passwd out side the jail, not the /chroot/etc/passwd? If it is, then it is a bug means that the CGI has not been chroot properly.
As some application need to read /etc/passwd to work properly, so I don't recommend making it not world readable, you can fake a passwd file in the jail. Information in /etc/passwd is not very sensitive to me. :-)