Terry's WebLog


Do Not Allow SMS Sites to Span Forests

Domains are not security boundaries in Active Directory. They provide some delegation of administrative duties, but a rogue administrator in one domain has methods of gaining administrative rights at the root of the forest, and thereby rights over the whole forest. The only way to establish a true administrative boundary in Active Directory is to create a separate forest.

While it might be possible to design an SMS site that spans forests, such a site design is not supported by SMS 2003. The SMS site server must have administrative access to all of its site systems, and granting an SMS account from one forest administrative access to a site system in another forest would violate that security boundary. Therefore, you must have at least one SMS site in each forest, and each site must be designed so that it does not span forests.

If you require multiple SMS sites in multiple Active Directory forests, each forest must have at least one primary site. A secondary child site cannot attach to a parent in a different forest.

From Scenarios and Procedures for Microsoft Systems Management Server 2003: Security

http://www.microsoft.com/downloads/details.aspx?familyid=3d81b520-a203-4376-a72d-fd34a6c4a44c&displaylang=en

2004-09-08 update:

A confirmation from a PM:

SMS 2003 does support a single primary site (not secondary) with Advanced Clients in other forests than the site systems. No remote site system or Legacy Client support, only Advanced Clients.
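To make the rules above checkable before a hierarchy is built, here is an added example (not from the original post or from Microsoft) that encodes them as a small design validator: site systems must sit in the site server's forest, a secondary site cannot attach to a parent in another forest, every forest that hosts a site needs a primary site, and only a primary site may serve Advanced Clients in another forest. The site codes, forest names and host names are constructed for illustration.

```python
from typing import List, Optional, Tuple
from dataclasses import dataclass, field

@dataclass
class Site:
    code: str
    kind: str                              # "primary" or "secondary"
    forest: str                            # forest that holds the site server
    parent: Optional[str] = None           # site code of the parent site, if any
    site_systems: List[Tuple[str, str]] = field(default_factory=list)       # (host, forest)
    clients: List[Tuple[str, str, str]] = field(default_factory=list)       # (host, forest, "advanced"/"legacy")

def validate_hierarchy(sites):
    """Return the forest-boundary violations in a proposed design (empty list = compliant)."""
    by_code = {s.code: s for s in sites}
    problems = []
    for s in sites:
        # The site server needs administrative access to every site system; granting that
        # across forests would breach the security boundary, so site systems stay in its forest.
        for host, forest in s.site_systems:
            if forest != s.forest:
                problems.append(f"{s.code}: site system {host} is in {forest}, site server is in {s.forest}")
        # A secondary child site cannot attach to a parent in a different forest.
        if s.parent is not None:
            parent = by_code.get(s.parent)
            if parent is None:
                problems.append(f"{s.code}: parent site {s.parent} is not defined")
            elif s.kind == "secondary" and parent.forest != s.forest:
                problems.append(f"{s.code}: secondary site has parent {parent.code} in {parent.forest}")
        # PM confirmation: only a primary site may serve Advanced Clients in another forest.
        for host, forest, kind in s.clients:
            if forest != s.forest and not (s.kind == "primary" and kind == "advanced"):
                problems.append(f"{s.code}: {kind} client {host} in {forest} is not supported")
    # Every forest that hosts a site needs at least one primary site.
    for forest in sorted({s.forest for s in sites}):
        if not any(s.kind == "primary" and s.forest == forest for s in sites):
            problems.append(f"{forest}: no primary site in this forest")
    return problems

# Constructed design: a central primary in corp.example plus a primary and a secondary in lab.example.
EXAMPLE_SITES = [
    Site("CEN", "primary", "corp.example", site_systems=[("mp1", "corp.example")],
         clients=[("ws1", "lab.example", "advanced"), ("ws2", "lab.example", "legacy")]),
    Site("LAB", "primary", "lab.example", parent="CEN"),
    Site("SEC", "secondary", "lab.example", parent="CEN", site_systems=[("dp1", "corp.example")]),
]
if __name__ == "__main__":
    for problem in validate_hierarchy(EXAMPLE_SITES):
        print("VIOLATION:", problem)
```

Running it on the constructed design reports three violations: the Legacy Client in the other forest, the secondary site's remote site system, and the secondary site attached to a parent in another forest; the primary-to-primary link across forests is accepted.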

Posted: Jul 23 2004, 12:09 AM by freeswing | with 1 comment(s)

Comments

mishka said:

a very useful thought

http://www.shampes.com/

packard

September 3, 2011 11:50 PM