Here is a workaround for JRA-19248: Dashboard widgets fail with HTTP 401 malformed security token, when left unattended for some time. Set the 'Refresh Interval' on the gadgets to 1hr (or less). It's worked for me so far.
Edit: Well, it worked for several days, but apperently 1hr wasn't quite often enough. I'm trying with 30min, someone else reported having to use 15min. One more thing to note is that this issue is fixed with Jira 4.1.