> When I set things up, I could find no instructions for setting up
> anon-cvs that I felt comfortable implementing from a security
> standpoint...
If you use a semi-recent version of CVS, set the --allow-root restriction
in inetd.conf and create a cvs "passwd" file along with a "writers" file,
then I really don't see where the security problem is. You are not
creating system-level accounts, and if you do not put the anonymous user
in your "writers" file, then this user will not be able to alter the
repository in any way.
-Rasmus