Interesting read.
Some of those things, well, okay ALL of those things should be second nature to a programmer and be properly coded for in every instance. For the phpBB, I get only mods from the phpbb.com site and only the ones they've approved. I also keep up to date on versions. Though I don't think any one of us has put enough information on here in profiles to be at risk.
And just a warning. Anyone caught hacking this site will get banned. So don't do it.