What potential security risks arise from having publically accessed vm servers and private vm servers residng in the same HA cluster? Is there a best practice white paper for this topic?

Thanks!

As long as you seperate the two networks completely there should be no way for an intruder to gain access to your internal network through your publically accessed servers (unless hacking the firewall protecting your internal network of course). Remember that you need network seperation on both your virtual and physical network components (dedicated vSwitches and pNics in vmware-speak). I found two white papers from VMware that hopefully will be helpful:

Network Segmentation in Virtualized Environments (best practice)
http://www.vmware.com/files/pdf/network_segmentation.pdf

DMZ Virtualization with VMware Infrastructure
http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

As Andreas mentioned previously, you need to make sure that your vSwitches and pNICs remain separate on all nodes within your HA cluster. In order to maintain this configuration long term, I keep our cluster monitored using Veeam Configurator, which can alert me to any changes in vSwitch configuration.

Veeam Configurator:
http://www.veeam.com/vmware-esx-configure.html