In ACS 3.4.10, ad_sec_deferred_dml is run as a trace filter on all get requests (think it is largely used for updating sec_sessions, sec_browser_*, etc). I would suggest installing the OpenACS monitoring package and using it to look at the registered filters to see how ad_sec_deferred_dml is being called on your server. (You can probably get the same amount of information by just greping your server files for ad_sec_deferred_dml but the monitoring package is pretty cool so recommend installing it in any case.)
Also the original aD version of the filter did check to see if there was any DML to run so putting in the [info exists _] does not sound like a bad idea.