The only security issue that I had was not a phpBB problem. A while back I was getting barraged by constant port scanning. I kept banning the IP blocks responsible, but they would start up in a new range. They managed to break into the FTP and meddled with an .htaccess file, which I caught and fixed right away. What ended it was to block all IP ranges from China, which I guess is what a lot of webmasters have resorted to doing.