In just a little personal comment from Richard Heyes at phpguru.org, he mentions the "repuation" that the folks over at phpBB have gotten from the whole fiasco of getting their site hacked.

Recently read on the phpsec mailing list that phpBB site has been hacked. Bummer. Not through any fault of their own apparently (well, not their software at least...). On their website there's currently a bit of a tirade about people getting up a hoohaa about it being the fault of phpBB and ISPs pulling phpBB from their servers.

Back on the phpsec list, Marco Tabini (iirc) was defending them by saying that he thought their reputation was possibly undeserved, due to the complexity of the phpBB software. Hmmm. Personally I feel that excuses shouldn't be made, and that reputations are (most of the time) built up for a reason.

Though I do agree that what happened wasn't really due to any fault of their own, Richard does make a valid point in that, yes, this incident was something that wasn't the fault of their software, but maybe it will serve as a reminder that no matter how secure you work to make your applications, there's always other ways in.

As of this posting, their main site is still down - you can, however, get to their development site at http://area51.phpbb.com/phpBB.