Well, at least it's enabled, but not configured properly: https://jazz2online.com So I think the possibility for a memory leak is still there.
I think the fact that passwords are sent in plain text when logging in is a much greater potential security issue than the possibility that passwords have been leaked through a buggy OpenSSL version used by another site on the same web server which just happens to have J2O passwords stored in the affected 64K memory segment.

Then again, we're talking about a fan site for a video game which was released 16 years ago, so I think this discussion is more of an academic value than any practical one.