I've talked some with Wietse, and it seems his replacement rpcbind
does exactly the same thing wrong as teh real thing.
However, this is not  big security problem people can exploit at will.
It requires teh system administrator to want to kill and restart
rpcbind.  It will then dump out the tables to /tmp
(unsafely) and when started up it will reread them (also unsafely).
So if you refrain from killing rpcbind with SIGINT or SIGTERM, you should
be OK.
If you have "set nfssrv:nfs_portmon = 1" in /etc/system, you have little to
worry about when it come sto rpcbind as shipped by Sun, it also now filters
many different indirect RPC calls.
(Indirect RPC calls are required to suport broadcast RPC)
Wietse's rpcbind continues to offer the advantage of filtering and
logging, but it should be noted that rpcbind need not be involved
in remote procedure calls at all. Portscanning and then calling also
find rpc services.
Casper