I"d be willing to take part in a team realted to checking security in OpenACS recommended version(s) of AOLserver. We can, as good AOLserver users, offers the patches back to the AOLserver team.
Arsdigita offered a patched version for AOLserver to use with ACS and I don't think it is completely off the wall for use to consider the same. While the AOLserver team has improved quite a bit recently in being more responsive to our needs, it might be a bit unreasonable to expect them to move as quickly as we would like.