Jeremy, the security issue you mention above has been discussed here
many times, including in
April 2002,
Nov. 2002,
and
June 2003.
It's a small bug in the the external database driver interface, which
AFAIK no one using OpenACS ever uses at all. The Oracle and
PostgreSQL database drivers are "internal" drivers and are not
effected. In the unlikely event that you are using an "external"
database driver of some sort with AOLserver, then you might want to
patch that bug.
To the best of my knowledge there are no known security problems with
AOLserver 3.3+ad13, at least not as used by OpenACS.