There are steps that can be taken at the server level to minimize the security risks with forums and other scripts. Does this company run it's own web server or do they have just regular hosting.
C'mon man, we can't hack the newest version of PhpBB or Vbulletin (not now at least)
But personally, I would suggest PhpBB is much safer, there are so many exploits for Vbulletin