• First off -- very well written article!  While as a practice I agree with the above post that this generally isn't a good idea, there are instances where I've seen it used effectively as a stop-gap measure to re-writing an entire application.

    It certainly is a security risk (many recommend removing the OA procedures altogether), and there is a visible performance hit depending on how often the COM object is instantiated.

    With all the risks and performance hits, it is a handy feature to be aware of, but NEVER make it your primary plan of action. However, there are circumstances where it might be the only viable option. The realities of most companies place financial and temporal constraints on projects that cause us to consider options we would normally avoid at all costs.

    Have I used the OA procedures in production work? No.  Would I use them? Not on something I was building for a client.  Would I tell a client that they absolutely should be removed if already used for an existing application? Not necessarily.  I would point out the risks and costs involved, and stress to them that they should consider eliminating them in the future.

    I think they are very useful to know about (and this was a well-written article introducing them), but should be considered as a last resort or temporary work-around.