Forum OpenACS Q&A: OpenACS security
For example: I think Aolserver should probably be installed in a chrooted environment, and why don't we just go ahead and do this in the install guide?
I'm willing to help out with this once the docs are released and we go beta.
And then let's try and hack our own sites. Once I get my OpenACS site up, I'll volunteer to be a target.