Most of the security was in place by the forum software devs, but every now and then I find a new vulnerability and report it to them. I've not found many recently though, which is either because I'm not digging as deeply into the software or because the major issues are mostly fixed by now.