The AOL team continues to migrate AOL properties to AOLserver (mapquest etc), so it would seem to me that your friend's dire warnings are somewhat overblown. I don't know of anyone in our community who's had one of their AOLserver sites hacked into due to any AOLserver security issues, and our community has some high-volume sites like Greenpeace that aren't loved by all and therefore are logical targets for hackers.
- We don't use the DB Proxy Daemon
- We normally don't use AOLserver Authorization but rather implement our own.
- ParseAuth sounds related to the previous and was fixed in AOLserver 3.2.
- The last looks related to Authorization too
You might try the last Perl script to see if aol3.3+ad13 dies.
Security problems like this one certainly don't do much to convince me that AOLserver's any less secure than Apache 2.0 ...
