If you don't force the filer to only allow root to mount areas onto clients (i.e. force such traffic to come from ports up to 1024, ports which Unix only allows root to bind to normally), then it is possible for a user to write an RPC program to fake NFS traffic.
I once saw this demonstrated in college. However, that task is beyond most script-kiddies. For all I know there's now a standard tool though.
Most people don't make their NFS servers so trusting. It's not insanely hard to break NFS 'security' though, all you need is to pretend to be a trusted host, say the adminhost, convincingly enough and long enough and you're away.
I had great hopes for Kerberos-enabled NFS at the introduction of NFS3, but that all seems to have died a death, as has using Kerberos in the Windows environment.
Everyone I talk to now seems to be talking 'certificates', as if the rest of Kerberos has no value. *sigh*
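The privileged-port check the post describes is what Linux nfs-utils calls the "secure" export option (requests must originate from a source port below 1024; "insecure" turns it off). The following is an added example, not code from the poster or from any NFS implementation: it audits /etc/exports-style lines for the trusting settings mentioned above ("insecure", "no_root_squash", exports open to any host) and shows, by trying to bind a low UDP port, why the check means anything at all. It assumes Linux exports(5) syntax (a NetApp-style filer uses a different format), and the export lines are constructed sample input, not a real server's configuration.

```python
"""Audit NFS export lines for settings that make the server 'trusting'."""
import errno
import re
import socket

# Constructed sample /etc/exports content (not taken from a real system).
SAMPLE_EXPORTS = """\
# home directories: privileged-port check left at the default (secure)
/srv/home     192.168.1.0/24(rw,sync,no_subtree_check)
# scratch area: 'insecure' drops the <1024 source-port requirement and
# 'no_root_squash' lets uid 0 on the client act as root on the server
/srv/scratch  *(rw,insecure,no_root_squash)
/srv/ro       10.0.0.0/8(ro,secure) adminhost(rw)
"""

# Either "client(opt,opt)" or a bare "client" with default options.
_ENTRY = re.compile(r"(\S+)\(([^)]*)\)|(\S+)")


def parse_exports(text):
    """Yield (path, client, [options]) for every client of every export."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        for m in _ENTRY.finditer(rest):
            if m.group(1) is not None:
                client = m.group(1)
                opts = [o.strip() for o in m.group(2).split(",") if o.strip()]
            else:
                client = m.group(3)
                opts = []
            yield path, client, opts


def audit_exports(text):
    """Return a list of (path, client, issue) findings for trusting exports."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "insecure" in opts:
            findings.append((path, client,
                             "insecure: accepts requests from unprivileged source ports, "
                             "so any local user on the client can forge RPC traffic"))
        if "no_root_squash" in opts:
            findings.append((path, client,
                             "no_root_squash: client root is root on the server"))
        if client == "*":
            findings.append((path, client, "exported to any host"))
    return findings


def try_bind_privileged_port(port=1023):
    """Try to bind a UDP port below 1024 on loopback.

    Returns (bound, errno_name). Without root (or CAP_NET_BIND_SERVICE on
    Linux) the kernel refuses with EACCES, which is the property the
    'secure' export option relies on. Note that a lowered
    net.ipv4.ip_unprivileged_port_start sysctl weakens this guarantee.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    try:
        s.bind(("127.0.0.1", port))
        return True, None
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {issue}")
    bound, err = try_bind_privileged_port()
    print("bind to port 1023:", "allowed" if bound else f"refused ({err})")
```

Run it as an ordinary user and the bind attempt reports EACCES; run it as root and it succeeds, which is the whole reason a server that insists on a low source port can treat the request as having come from the client's root rather than from an arbitrary user's own RPC program.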