IRC to "hack people" shouldn't be possible, unless they're using a defective client (like mIRC, used to have a lovely script that'd eat that, supposedly that was developed by law enforcement) and then that's a fault of the software involved in implimenting the protocol, more than the protocol itself. The IRC specification doesn't contain much that has abuse potential to end user, and due to the age of the protocol has been developed sufficiently. It's considered suitable for frontline use in military C&C.
The channel itself should be "safe" - what might not be "safe" is the people that use it. But wherever you go, whatever protocol you use, people are people and this holds true universally. Spitting a link that will forcibly take control over your browser and then computer when you click on it is equally possible here, facebook, lycos, email, IRC, XMPP, etc - It's again not the protocol as much as the abusable software you're running that makes the attack possible. And most "hacking" you'd hear from in the media is actually convincing the tool, I mean end user to click on the link and infect themselves.
To assume sensibly XMPP was selected, should you choose to use a standalone client - of which there are many already available for most platforms - then the selection of this client would likely be your responsibility - however, the web-based solution (of which there are existing open source examples ready to import) would be the responsibility of the site operator and (should) be throughly vetted to provide minimal abuse potential.
I selected such technologies because they are already developed, and already securable.
I really don't think Lycos was a particular good example for a more secured operational standard, and IRC is older.