Basic things to do to tighten up the Tomcat configuration. Out of the box it's not really set up for production use.
Remove unnecessary webapps
Strip down the server.xml
Take out connectors you don't need. Get rid of comments to make it easier to follow. Strip the examples code. What user account functionality do you need for your apps, and for the server admin/management tools if you use them?
Some basic tuning
Reloadability and such. Logging. Connector tweaking.