Setting anon=0 in your exports will set any unknown uid to root's uid, allowing unscrupulous people to create scripts which will execute as root and wreak havoc on your system.
Not a recommended procedure as far as system security is concerned!
As far as I'm aware, all anon=0 does is that it changes the default mapping of root access on NFS clients from uid=-2 to uid=0.
By default root (uid 0) on an NFS client gets mapped to uid -2 (i.e., ``no perms'') for the purposes of access control to files/directories in the export. All other users get mapped as per normal.
If you have an export option of `root=somehost:anotherhost', then root on somehost or anotherhost get mapped to uid 0, and they have full permissions.
Alternatively, if you use `anon=0', then all clients with read/write access to the filer (either explicit rw= entries, or implicit if there's no access= or rw= lines - not recommended) get root access.
This is not a problem with respect to system security if used correctly! For example, given a netgroup called `ro_clients' who you want to share a partition to read-only, and a netgroup called `mgmt_hosts' who you want to export r/w and have root being able to work, you could use something like:

/vol/vol0/usrlocal access=ro_clients:mgmt_hosts,rw=mgmt_hosts,anon=0
This obviates the need to have multiple root= entries in the export, which is good because if you have a lot of hosts you can exceed the length of an export line (probably around 1K or 4K or something like that). That's why you use netgroups, but you can't use netgroups for `root=' lines.
Again, if used correctly `anon=0' is NOT a problem. In fact, I often find it easier to manage than root= entries.
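
An added example, not part of either message above: a small audit of export lines that applies the mapping rules as the reply describes them and reports which clients end up with root on each export. The `*` marker, the severity labels, the sample lines other than the first, and the handling of an export that has `access=` but no `rw=` are assumptions of this example.

```python
# Added example: audits filer export lines using the mapping rules in the thread.
ANY = "*"  # constructed marker: any client that can reach the filer

def parse_export(line):
    """Split '/path opt=a:b,opt2=c' into (path, {option: [values]})."""
    parts = line.split(None, 1)
    optstr = parts[1] if len(parts) > 1 else ""
    opts = {}
    for item in optstr.strip().lstrip("-").split(","):
        key, _, val = item.strip().partition("=")
        if key:
            opts[key] = [v for v in val.split(":") if v]
    return parts[0], opts

def root_clients(opts):
    """Hosts/netgroups whose root user is treated as uid 0 on this export."""
    roots = set(opts.get("root", []))
    if opts.get("anon") == ["0"]:
        if "rw" in opts:            # explicit read/write list
            roots |= set(opts["rw"])
        elif "access" in opts:      # assumption: no rw= means access= hosts write
            roots |= set(opts["access"])
        else:                       # neither option: implicit r/w for everyone
            roots.add(ANY)
    return roots

def audit(lines):
    """Return (path, level, root-capable clients) for each export line."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        path, opts = parse_export(line)
        roots = root_clients(opts)
        level = "HIGH" if ANY in roots else "REVIEW" if roots else "OK"
        findings.append((path, level, sorted(roots)))
    return findings

# First line is the export from the message above; the rest are constructed.
SAMPLE = [
    "/vol/vol0/usrlocal access=ro_clients:mgmt_hosts,rw=mgmt_hosts,anon=0",
    "/vol/vol1/scratch anon=0",
    "/vol/vol2/home access=ro_clients,rw=mgmt_hosts,root=adminhost",
    "/vol/vol3/pub access=ro_clients",
]

if __name__ == "__main__":
    for path, level, roots in audit(SAMPLE):
        print(f"{level:6} {path} root-capable: {', '.join(roots) or 'none'}")
```

A `HIGH` result is the case both writers are concerned with: `anon=0` on an export with no `access=` or `rw=` restriction, so root on any client is root on the export.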