Yeah, org.lwjgl.librarypath would be the best bet. Renaming the dll to lwjglopenal wouldn't really do much in regards to that article; malicious hackers would then just either rename their own dll or drop two copies of the dll's (one named OpenAL and one named lwjglopenal).
A quick fix for Microsoft would be to just require admin privileges when dropping a dll somewhere.
This actually means that Java is (a tiny bit) safer than other languages in regard to this issue, as exe installers would install OpenAL into System32 and have their apps expect the dll being used is from there while Java programs usually ship the dll's in the current directory and use the JVM's way of finding it. If you're using Web Start and have offline disabled, you're even safer.
Anyway, if someone is able to go into your system and drop a dll somewhere, you're pretty much screwed anyway. If they're able to put a dll in the current directory of some software, they are able to do much, much worst, but decided not to for some reason. Users nowadays should be aware of what they download and run and have some type of virus protection (unless they know how to use Linux properly)...