A lot of sendmail security comes down to you. Sendmail 8 is much more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular:

• Make sure the aliases file isn't writable except by trusted system personnel. This includes both the text and database version.
• Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel.
• The queue directory should not be world writable PARTICULARLY if your system allows "file giveaways" (that is, if a non-root user can chown any file they own to any other user).
• If your system allows file giveaways, DO NOT create a publically writable directory for forward files. This will allow anyone to steal anyone else's e-mail. Instead, create a script that copies the .forward file from users' home directories once a night (if you want the non-NFS-mounted forward directory).
• If your system allows file giveaways, you'll find that sendmail is much less trusting of :include: files -- in particular, you'll have to have /SENDMAIL/ANY/SHELL/ in /etc/shells before they will be trusted (that is, before files and programs listed in them will be honored).

In general, file giveaways are a mistake -- if you can turn them off I recommend you do so.