Some of our ACF2 systems make use of a modified SARSECUX security exit and some do not.

When do you use the SARSECU1 source program, for the SARSECUX security exit?

Release : 14.0

Component : CA View

Starting with View 11.0, the CVDEOPTN(SARSECU1) has been the source used for a modified SARSECUX exit, so that a security product's pseudo-dataset rules could be used, where clients do not want to convert their security rules to the native View format, and prefer to use the security product's format. 

As to why it is in use in some places, but not all, would depend on what type of security you are using with that particular database.