FormsAuthentication is widely used and relatively safe if configured properly.

Make sure you add your MachineKey, (you can generate one here http://aspnetresources.com/tools/machineKey which is the same link supplied in the MSDN site)

• If its a secure part of the system; consider setting your session timeouts low (10/15 minutes its convenience vs security).
• Ensure your membership provider is set to a good HASH algorithm i.e. <membership userIsOnlineTimeWindow="15" hashAlgorithmType="SHA512">
• and the provider itself is set to hashed rather than encrypted passwordFormat="Hashed"
• and that your RoleManager (if your utilizing roles) and forms authentication section contain the configuration for the cookies; cookieProtection="All"

The password reset system in it is a joke; I wont copy and paste myself, but you can see the preferable method of resetting passwords here https://stackoverflow.com/questions/10213124/combine-passwordrecovery-and-changepassword-control/10237107#10237107

Thats basically a good start; you could also look at Troy Hunts membership security guide http://www.troyhunt.com/2010/07/owasp-top-10-for-net-developers-part-3.html

Oh and Always collect users information / handle logons / and registrations over HTTPS (SSL). And try to use some sort of verification token (theres one in MVC https://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=msdn+AntiForgeryToken), this reduces the attack landscape for CSRF and basically brute forcing.