I’ve been using phpBB for years and have been very happy with it.
With the mySQL injection vulnerability last year (caused some headaches) but if you’ve patched that issue then you should be fine. Adding the latest version takes care of other issues too. The problem is that people don’t upgrade to current versions. The reason they have updates is to fix identified vulnerabilities. VBulletin btw do exactly the same.
Whatever people choose to use if they don’t upgrade the likelihood of hackers finding a way in as vulnerabilities are found is more likely no matter what platform you use, forum/cms or otherwise. I’d also mention that a hackers road to success is increased depending on how the hosting server is setup.
Granted phpBB is GPL as apposed to VBulletin being a purchased product, but that doesn’t always mean better. Out of interest have you used phpBB or is this a generalised comment?
