Answer:  Yes, allowing the OS to control OS authentication can be very risky, but it's safe in a closed-in environment (no internet ports), and where the OS systems administrators understand how to lock-down their servers.  I've seen cases where remote shell (rsh) is enabled and a hacker gains access to one server, only to have rsh access to hundreds of other server, and full access to the Oracle instances on those servers. 

Formerly called ops$, remote OS authentication required careful planning, see my remote access best practices guidelines.

However, because of the high risks, and possibilities for an inexperienced DBA to inadvertently expose their database, the remote_os_authent parameter has been deprecated in Oracle 11g, and a safer method is used. 

See Metalink note: 456001.1 for workarounds and details.
 
In 11g and beyond, the default has been changed for os_authent_prefix from ops$ to null, and os_authent_prefix should be set to null to prevent confusion.  Many novice DBA's don't understand that ops$fred is the same as an OS user named fred.

Also, see these important notes on OS authentication in 11g with the deprecation of remote_os_authent.

Remote OS authentication before Oracle 11g

If you are sure that your OS environment is secured, you can enable remote access by setting remote_os_authent=true, which means that Oracle will authenticate remote connections using the os_authent_prefix.  

This will allow remote users to connect to the Oracle database without supplying a password. See this page for complete details on enabling remote OS authentication on UNIX and Windows servers.

Understanding the security holes in external authentication

For an example of the security exposures with remote OS authentication, assume a database named DB1 is on a server named Server1 and the client machine is named PC1.  The DB1 database is defined to allow the "SCOTT" user external OS authentication:

alter system set remote_os_authent=true, scope=spfile;
alter system set remote_authent_prefix=ops$
create user ops$scott identified externally;
grant dba to ops$scott;

However, note that the user SCOTT is a PC user ID, and NOT an OS user on the database server.

However, when the user connects to the database without a user ID and password, his OS user ID (SCOTT) is used, and checked in the data dictionary

sqlplus /@db1

In this case, the connection is accepted if the remote_os_authent parameter is TRUE, otherwise it is rejected.

To disable this remote OS authentication feature, place the following lines in the iit.ora of spfile:

os_authent_prefix = ""
remote_os_authent = FALSE