This document's security considerations are mostly by-reference to the original Geneve document (RFC 8926). The OAM traffic is in-band, so follows the same path as the regular traffic, and the only additional security mechanism is the RFC 5082 (Generic TTL Security mechanism), which just means dropping any packet whose TTL is not 255 - not sent from an adjacent node.

Anyway, this seems sufficient for what this draft does.