TODO is frequently used in source code comments to indicate that something still has to be done (it is something "to do"). This is useful when just laying out the structure of a function, and the programmer doesn't want to deal with messy details yet. If multiple people are working on shared code, sometimes the TODO is followed by the programmer that is supposed to do that change.
The following code fragment might be in an htmlcode (on an Everything-engine site), whose purpose is to do a certain thing when embedded in a usergroup display page. Certain conditions (such as the current user being Guest User, or special-casing not allowing this to work for the editors group) cause us to bail out early. The check to make sure we're only trying to execute the code for a usergroup still has to be added.
# ...
return if $UID==$HTMLVARS{guest_user};
#TODO ensure current node is a usergroup
my $NID = getId($NODE);
return if $NID==getNode('Content Editors','usergroup')->{node_id};
# ...
see also: FIXME