If you use Protector and turning "enable anti-XSS (BigUmbrella)" on, don't worry about it. The feature of "anti-XSS" can protect attacks via XSS entirely.
Anyway, you'd better update piCal if you use older piCal.
And I strongly recommend you to turn "enable anti-XSS (BigUmbrella)" on, even if you use piCal.