I've been using Smart Install since 2011.
Let me explain how this works:
1. There are three characters in this plot: The Director, the slave and the TFTP server. The Director and the TFTP can be a single physical unit.
2. Straight out of the box, a slave appliance only knows of a single VLAN, VLAN 1. It doesn't know anything else.
3. Smart Install requires CDP to be enabled.
4. When a slave gets connected to a Director, the Director interrogates the slave. Some of the information the Director looks for is: what IOS the slave is running and what the exact model number of the appliance is.
5. The first thing the Director will do is push the configuration file into the slave's startup-config.
6. Next, the Director will upgrade the IOS of the slave.
7. The Director will then command the slave to reboot.
8. (Optionally) After the reboot, the Director can run some more commands when the slave re-joins the Smart Install.
All of this without anyone touching the keyboard. It is automatic.
Since using Smart Install, I've added the "no vstack" command in my configuration templates. Another thing we've done is that VLAN 1 is only present in that network. VLAN 1 is not allowed anywhere else. There's another thing too: the Smart Install network can only be reached using the Management port of the Director. There is no other way in.
Putting authentication in the process does not make any sense.
The only way to "abuse" this is when VLAN 1 is used in the production network and one must have physical access to the Director or the TFTP server (where all the configuration templates are stored).
Smart Install, in our work, is vital and critical to our work. In 2012, we deployed over 600 Cisco switches, all of which were configured using Smart Install. Whether we configure one, ten or 100 switches, we will continue to use Smart Install and continue to find ways to improve it.
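A check for the two safeguards the post describes ("no vstack" in the templates, VLAN 1 kept out of production), as an added example that is not the poster's code. The function names and the sample template are constructed, and the parsing is simplified on the assumption of IOS defaults: an access port with no VLAN set is in VLAN 1, and a trunk with no allowed-list carries every VLAN.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-10,20' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def port_carries_vlan1(body):
    """body: stripped config lines found under one 'interface' stanza."""
    if "shutdown" in body or "no switchport" in body:
        return False
    text = "\n".join(body)
    if "switchport mode trunk" in body:
        m = re.search(r"^switchport trunk allowed vlan (none|[\d,-]+)$", text, re.M)
        if not m:
            return True  # no allowed-list: the trunk carries every VLAN
        return m.group(1) != "none" and 1 in expand_vlans(m.group(1))
    m = re.search(r"^switchport access vlan (\d+)$", text, re.M)
    return m is None or m.group(1) == "1"  # unset access VLAN defaults to 1

def audit_template(config):
    findings = []
    if not re.search(r"^no vstack$", config, re.M):
        findings.append("global: 'no vstack' is missing")
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if re.match(r"(Fast|Gigabit|TenGigabit)Ethernet", name) and port_carries_vlan1(lines):
            findings.append(f"{name}: carries VLAN 1")
    return findings

# Constructed sample production template, not taken from the post.
SAMPLE = """\
no vstack
interface GigabitEthernet0/1
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 1-10,20
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/4
 shutdown
interface Vlan10
 ip address 192.0.2.10 255.255.255.0
"""
print("\n".join(audit_template(SAMPLE)))
```

Trunk lines using the `add` or `except` forms and ports left in a dynamic mode are not interpreted by this sketch and need a manual look.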