Thanks to everyone's response. At our shop, DBAs debated a little bit and we currently leave ACL on in most databases but allow anyone (public) to open connections to only the company mail server and ftp server. Still, this adds one more factor in many troubleshooting cases. On one set of special purpose databases, we disabled ACL, with the client's agreement (they're quite happy with the decision).