Between the recent hack of the main phpBB site and a slew of vulnerability reports on PHP|Arch's PHPSec Mailing List, phpBB has lost credibility in the PHP security community. As Chris Shiflett has been pointing out over and over, you can't compensate for a poor fundamental design just by patching. I agree. Last night, we completed migration of my company's public web forums out of phpBB. Any other organizations following suit? Is this the beginning of the end for phpBB?
§ § §