I must say that the organization you were referring to has a rather strange open door, excuse me, security policy. You are right to be very uncomfortable with an external organization passing NFS traffic into your network.
One might paraphrase that "other organizations" security policy like this: In order to prevent break-ins into our building, rather than controlling who has access to the keys, we'll leave the doors out completely and therefore save the worries and hassle about maintaining lists of who has and who doesn't have access to the keys.
IMHO, frankly, the other organization's security policy is bogus and an invitation to hackers. It's amazing how much fun and delight it can be to comprise security via NFS. Almost more fun than back-rev Sendmail installations, actually. ;-)
I would be more than happy to supply you with hard evidence instead of my above "appeal to logic". NFS is not secure, and never will be. Security was never a primary concern of NFS, more like an "add-on".
NFS vs. FTP
From: "Data Systems Bureau" <lasdsdn @