The auto-op system with regex is way too open. When somebody joins, it checks first the username and host, and then _only_ the host. The host regexp must be kept pretty open for people with dynamic IPs (for example, my host name is ~email@example.com, and I'm sure that'll change on my next logon).
So, when checking those regexes, the system is kept open to anyone joining from the same ISP as me. For example, I use the regex .*@.*\.turboline\.skynet\.be, so anyone using Skynet's ADSL service would be auto-opped.
Furthermore, the same type of checking is not done in the on_prinvmsg() method, there it only checks the username _and_ host match.
So, my suggestion would be to remove this part in the on_join method(indenting may be wrong):
#remove from here: -----
for ii in a2kconf.op.keys():
# --- and to here