Hi,
thanks for pointing out those potential vulnerabilities. We are using jquery-ui in a very limited way (we are not using the date picker at all for example) and not in any server-side interactions so I think the potential risk is very theoretical.
In any case, this has been brought to the attention of product management and I expect us to upgrade the jQuery-ui version we are using in one of the upcoming releases.
Thanks,
Guido