The part you mention about how if somebody obtains a forum password it may be dangerous is very true, in the past I used an exploit in phpBB to gain administrative access to the control panel where I was able to take a backup of the forum and extract the admin’s MD5 and then get it cracked, he was also foolish enough to use this same password as the one for the site’s control panel…actually this happened more than once on a few different sites…but I never did anything malicious to the sites, fortunately for them, I hope they learned that lesson though.