What security issues exist with the various authentication methods?
 
Each authentication method (basic, NTLM, cookie, ISAPI) has security issues.

With basic authentication, username and password details are sent in plain text.  If you are using NT users this can cause further trouble, because if this information is discovered it may be used to change files on the server.  Security can be improved through the use of SSL; however, there is a performance penalty and a cost for obtaining and maintaining a certificate.

NTLM provides enhanced security over basic authentication at the cost of compatibility: users must be using Internet Explorer as their browser.

Cookie authentication has the same issue as basic authentication, but only for the login form.  You should use SSL for the login form; from that point on the session is tracked with a single cookie, and that cookie does not contain any username or password details.  In contrast, with basic authentication the userid and password are sent with each request.
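
The difference in exposure can be checked against captured requests.  The Python sketch below is an added example, not part of the original page; the host name, credentials, session value and form field names (username, password) are constructed for illustration.  It reports which requests would reveal a username and password if sent without SSL.

```python
import base64
from urllib.parse import parse_qs

def exposed_credentials(raw):
    """Return (user, password) if the request carries recoverable credentials, else None."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Basic authentication: the header is only Base64-encoded, so it decodes directly.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and token:
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # malformed Base64 or non-UTF-8 bytes
            return None
        user, _, password = decoded.partition(":")
        return user, password
    # Cookie authentication: only the login form POST carries the password.
    # Field names "username" and "password" are assumptions for this example.
    if lines[0].startswith("POST "):
        form = parse_qs(body)
        if "username" in form and "password" in form:
            return form["username"][0], form["password"][0]
    return None

def exposing_requests(traffic):
    """Request lines of the requests that would leak credentials without SSL."""
    return [r.split("\r\n", 1)[0] for r in traffic if exposed_credentials(r)]

# Constructed sample traffic: the same three page views under each scheme.
_TOKEN = base64.b64encode(b"alice:s3cret").decode()
BASIC_TRAFFIC = [
    f"GET {path} HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic {_TOKEN}\r\n\r\n"
    for path in ("/", "/files", "/report")
]
COOKIE_TRAFFIC = [
    "POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nusername=alice&password=s3cret",
] + [
    f"GET {path} HTTP/1.1\r\nHost: intranet.example\r\nCookie: session=9f2c1e7ab4d0\r\n\r\n"
    for path in ("/files", "/report")
]

if __name__ == "__main__":
    for name, traffic in (("basic", BASIC_TRAFFIC), ("cookie", COOKIE_TRAFFIC)):
        hits = exposing_requests(traffic)
        print(f"{name}: {len(hits)}/{len(traffic)} requests expose credentials: {hits}")
```

With basic authentication every request needs SSL to keep the password private; with cookie authentication only the login POST carries it.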

With an ISAPI filter you control how security is implemented.  Commercial solutions provide options for encrypted cookies, which have the advantage of cookie login without requiring sessions.  They can also be used with basic authentication and keep users separate from the NT user base.  Commercial products can also provide enhanced quota and tracking features to prevent password cracking and account abuse (e.g. duplicate logins using the same userid).