Hi Glen,
I confirmed that the viewer is not using the "closeText" option so the vulnerability should not be a problem and we don't currently have near-term plans to upgrade jQuery UI.
If you want to upgrade it yourself you'll want to update ReaderControl.html which contains references to the jQuery UI CSS and JS files.
<link href="external/jquery-ui/themes/cloud/jquery-ui-1.11.1.custom.min.css" rel="stylesheet">
...
<script src="external/jquery-ui/jquery-ui-1.11.1.custom.min.js"></script>
So you'll want to upgrade these files with the downloaded versions, changing the names slightly. We use a custom version with certain components stripped out but this isn't required.
Then the places where I noticed components that might need to have their code updated are in NotesPanel.js and AnnotationEdit.js. I hadn't yet looked into how the APIs have changed and what would be required to fix their appearances. Hopefully this can get you going in the right direction.