Well ... it's only "wide-open" on the local host, and in the traditional Postgres environment (academic or departmental in a tech org) this seems reasonable. It also makes it easy for the makefiles to run regression tests automatically on a freshly-built installation ...
The Postgres folk are loath to change default behavior that folks have grown used to. We really need a good security overview doc for OpenACS, and covering configuration of PG for better security should probably be in it. We all know we need to change the default installation of most Linux distros, etc., so most won't be surprised at the need to diddle Postgres a bit.
As far as a head-to-head comparison, this would be an excellent little project for someone to write specifically for the ACS or other webserving environment. IMO InterBase and PG are roughly comparable, with there being a faster improvement curve with PG (or else it would still Really Suck!), so the real question becomes "when does it make sense to shell out the bucks for Oracle? How far can I scale with PG or InterBase?". Things like automatic replication, better tunability (Oracle has incredible granularity in this area), etc., all add up to the impression that at SOME point Oracle makes a great deal of sense, but it's hard to say "when".