Well they are running apache which is fairly secure, the main exploit with the AJAX framework was with DWR which is Java based.
If your not running java and the server wont allow you to run java you should be fairly secure.
The one thing I have noticed though is that they are running a proxy on the system which is not always secure and is often the start point for an attack, but I cant connect through it so I would say that its fairly ok.
For real security though, you should have a dedicated package with a dedicated machine, because shared accounts are generally fairly easy to break into as well.
#1 Server Response: http://railsplayground.com
HTTP Status Code: HTTP/1.1 200 OK
Date: Sat, 22 Sep 2007 14:26:20 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/1.8 mod_bwlimited/1.4 PHP/4.4.4 proxy_html/2.5
X-Powered-By: PHP/4.4.4
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug
