Re #1, Yes, and there is a step before that... logging on to the system.
Really? Because I'm pretty sure no one logs into most of the systems on the networks I manage, and yet they make use of NFS. Not extensively, but it is definitely a thing.
The point I'm making is that the strategy behind NFS shares a lot of commonalities with the general UNIX design mindset. This is an inescapable conclusion. NFS does make allowances if you need different behaviours, for example with maproot or mapall.
NFS depends on a "closed network"; anything on the authorized network could theoretically just log in and claim to be UID 1000 or whatever, couldn't it?
Sure, if you've authorized it. Just like if you are on a UNIX box and you set the permissions on a directory to uid 1000, anyone holding uid 1000 can get into that directory.
If you apply a blanket policy of "allow hosts on this network to access the NFS", then obviously you get the behaviour you configured.
However, you can limit mounts to specific hosts, and you can make specific mountpoints read-only or read-write to specific hosts.
Paranoid admins might even take to the more extreme measures of locking down ARP address mappings, in the server, or in the switching architecture, or both.
This is incredibly simple technology compared to the complexities of CIFS and AD.
If I put the mounts in the fstab on my Linux system, what happens if my FreeNAS goes down/isn't up?
Does it cause the Linux machine to crash or prevent logon?
If you use a hard mount, accesses will block until the mount recovers. This is designed for situations where traditional filesystem semantics are required.
You can use a soft mount, which allows interruption of accesses, which is friendlier to users but changes the behaviour a bit.
Is there a simple way to do proper authentication? It would be useful to be able to have automatic access to a work dataset on FreeNAS.
Of course! None of this lets you magically access the share without authentication, it's just that the authentication happens on the client, not on the fileserver. You can use standard UNIX auth, YP, LDAP, etc. etc.
You can also set up stuff like the automounter to automatically mount an NFS share only when someone is trying to access it.
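
Added example, not part of the original post: a small Python audit of export lines in FreeBSD exports(5) syntax (where maproot and mapall come from) that separates blanket network exports from host-limited ones and notes when client root is left unmapped. The dataset paths, host names and addresses are constructed, and backslash line continuations are assumed not to be used.

```python
# Constructed sample in FreeBSD exports(5) syntax; paths, hosts and
# addresses are made up for this example.
SAMPLE_EXPORTS = """\
# dataset          options / clients
/mnt/tank/media    -ro -network 192.168.10.0/24
/mnt/tank/work     -mapall=1000 ws1.example.lan ws2.example.lan
/mnt/tank/backup   -maproot=root -network 192.168.10.0 -mask 255.255.255.0
/mnt/tank/scratch  -alldirs
"""

def parse_export(line):
    """Split one export line into directories, options and client hosts."""
    entry = {"dirs": [], "opts": {}, "hosts": []}
    tokens = iter(line.split())
    for tok in tokens:
        if tok.startswith("-"):
            name, _, value = tok[1:].partition("=")
            if name in ("network", "mask") and not value:
                value = next(tokens, "")  # "-network 10.0.0.0" form
            entry["opts"][name] = value
        elif tok.startswith("/"):
            entry["dirs"].append(tok)
        else:
            entry["hosts"].append(tok)
    return entry

def audit(text):
    """Return {directory: [findings]} for every export line in text."""
    report = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        entry = parse_export(line)
        opts = entry["opts"]
        mode = "ro" if "ro" in opts else "rw"
        findings = []
        if "network" in opts:
            # Every host on that network may mount and present any UID.
            findings.append(f"whole-network-{mode}")
        elif not entry["hosts"]:
            # No client list at all: any host that can reach the server.
            findings.append(f"any-host-{mode}")
        if opts.get("maproot", "").split(":")[0] in ("root", "0"):
            findings.append("root-not-squashed")
        for directory in entry["dirs"]:
            report[directory] = list(findings)
    return report

if __name__ == "__main__":
    for directory, findings in audit(SAMPLE_EXPORTS).items():
        print(directory, findings or ["host-limited"])
```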