The more I'm on bugtraq, the more I think just about any piece of complicated code has security issues. Security is just not taken seriously by most programmers (unfortunately, I probably have to include myself in that category). However, I haven't seen any postings of security issues with Postgres on the BUGTRAQ mailing list. If security is a concern for you (and I think it should be for most of us), I suggest joining the BUGTRAQ mailing list (in digest form, for sanity's sake).
I'll repost anything regarding Postgres, Aolserver, ACS, or OpenACS that I see on Bugtraq.