I do not know if the security issue is caused by Apple Fast User Switching mechanism or by NX server authentication.
I can confirm that this has nothing to do with the NX server authentication.
The problem is that a user could see the session of another user without the credential of that session.
At the present moment, the remote user logging in with valid credentials is treated like a user sitting in front of the monitor. Even from the point of view of Fast User Switching, this remote user is subject to the same restrictions of a user sitting at the computer. That is, to switch from one session to the other, the remote user needs to re-enter the password. But if the user running the session did not lock the screen, the computer becomes available to the remote user as it would be available to whoever was transiting in front of the computer. This is traditionally the way “remote screen” tools work. I agree that this way of handling the remote user is not flexible and can present a security problem (mitigated by the fact we are talking about a small group of people normally sharing the same Mac). Other users have pointed out the same but NoMachine for Mac is a remote access system not a terminal server.