Forum OpenACS Q&A: Response to How much time does it takes to set up bboard from scratch
OpenACS 3.2.5 has at least one security hole and possibly others. (My patch helps with that https://openacs.org/sdm/one-patch.tcl?patch_id=35)
AOLServer 3.2 has one known potential security hole. Upgrading or patching will take care of that.
However, there are lot more things that can be done to secure your server. How far you should go probably relates to the sensitivity of your data and how willing you are to start over if your security is breached.