Nautilus is currently supposed to work with and without fam installed. 
Not sure about what happens when fam is installed but portmapper is

I dont want to run the portmapper on a public box either, but I wont
lose sleep over it cause ill just probably get another firewalled box. 
But, yeah, I can see how this is a security concern.

Looking at the monitor code, it looks like if you cant get a fam
connection, which is what would happen if fam didnt work because portmap
was not available, then the callers of the monitor code need to deal
with that.  Theres even a call to find out if the monitor is active.

If more and more features in Nautilus are implemented with the
assumption that monitoring works, then im not sure what the results
would be.

For example, I had an idea to use monitoring to find out when fonts got
installed or removed from your system (changes to the font server config
file)  If monitoring was "off" then the worst that can happen is you
dont see new fonts.  Actually thats not entirely right.  If fonts were
removed, then not knowing about it would mean that Nautilus could try to
use stale fonts.  Thats a rare event, but in theory it can happen.  Now,
Nautilus has checks in place to make sure the fonts it is trying to use
are real, so ultimately this specific example wouldnt be a catastrophe
for the user.

