No, he was putting public keys (not private) into a home directory. Specifically, the user was root which was only possible because a)
/root was exported (via exporting /), b) root squash wasn't enabled. Yes, nfs3 is fundamentally insecure. Any vaguely competent sysadmin knows this and knows to take appropriate precautions.
And what's the appropriate action besides root_squash and proper host access control (/etc/exports,tcp wrappers, firewall, etc
It still doesn't do any real authentication.