Running a web server is fraught with issues...the forum is running essentially as an add on to the web server, The problem is sometimes its hard to keep up with the contstantly changing exploits to the setups that we run.
Flaws and cracks are found all the time in the server and add on software modules. Sometimes these are published and other times not...if one is found and not published then there is always a risk that it can be used to a hackers advantage...but more typically they like to brag and word gets out about the flaw and it gets fixed.
Having a fix is great but it might get missed by those running the flawed software...and not corrected until a bigger update or version change.
Groups like anonymous take advantage of these kinds of flaws and exploit them to thier desired effect. The spam we get here is often the result of some "script kiddies" probably honing their skills for bigger and badder things.
System admin is not easy...sometimes a fix can break other things, so as with other things the cure might be worse than the disease until such a point comes that a combination of updates will work together.