The fact that NFSv4 has no concept of true "Authentication" and just blindly accepts whatever the client sends is the craziest network application design ever:
Client: Hi, NFS server, I'm Bob! UID=1000
Server: Hi Bob! Here's access to all of Bob's files! I trust you and don't need a password or anything!
Client: Thanks!!!
And to you, I say, that's crazy! Setting up Kerberos just to authenticate users for access to my Linux ISOs is a crazy large requirement! Sure, it might make sense for an enterprise that already uses Kerberos + LDAP + NFS + certificate management, but for everyone else, that's a lot of infrastructure to set up and maintain for what should be BASIC functionality.
EDIT
ALSO!!! Why the fork does NFS run as a kernel module (nfsd)!? Shouldn't that be an external daemon!? Who the heck thought any of this was a good idea!?
<sarcasm mode>
Dev1: Here's a great idea! Let's run an insecure network server in Kernel space!
Dev2: OMG! You're so smart! Let's also exclude any encryption!!!
</>
The FreeBSD, Solaris, Mac OS X, and Windows (yes, even Windows) implementations of NFSv4 are fully featured with this stuff.
I am criticizing NFS as a whole, and specifically its Linux implementation.
Wish the downvoters all the best in their future NFS endeavors.
Doesn’t the secure option require ports only a root user can bind too? And you can always create secure tunnels if the physical network is insecure.