Brent,
I think you're wondering too much...
This is happening to many sites and forums worldwide... These schmuck flood the site they choose so that there's always someone that'll get caught in their net so to speak but, as long you know how to protect yourself, that shouldn't be able to take over your comp or grab your private info as easily as you might suspect because you have to leave yourself wide open for that to happen and it has nothing to do with the proposed upgrades because we're talking about virus and spyware/malware that cannot be eliminated all together and there's no type of software out there that can totally protect us from this...
The only thing that can be done to prevent penetration that leads to hijacking the controls of this site or yours is to design redundancy into the system by adding new software as well as hardware that act as firewalls and detection systems to sort out any types of attack and 46.00 made the point that one must keep their software up to date which I totally agree with and yet, many folks use the excuse that they really don't have the time to run and their updated software to check for anything new that may or may not have slipped through and was either deleted or arrested in the quarantine area to the software because it doesn't make sense to have the protection and not use it or totally depend on only scheduled checks that do not always catch threats on a timely basis and is just one other attribute that these hacker look for as it is pointing out to them that they can depend on the software to only scan at certain hours of the day making it easier for them to predict when the optimal time to attack a computer will be...
The complicated part of using redundant software to protect your system is that many applications tend to conflict with one another, but if one carefully schedules their systems to be scanned with a variety of applications at different intervals during the day, week and monthy basis, and adjusting those intervals each month or whatever time frame you choose to fluctuate your choices will keep the hacker wondering when to attack because the point is to keep them confused, and to make sure they cannot record your patterns because you're constantly adjusting them... Cloud based anti-virus, malware protection is relatively new and yet it is tied directly to the software manufacturer so that your system is constantly monitored directly by them and any adjustment can be made on the fly so to speak...
I have some cloud based software as well as multiple firewall layers that make it very hard for these hackers to break into my own system of multiple computers in my private network @ home and as long as I also keep tabs of all the components that protect and verify that they are indeed doing there jobs, I don't have anything get through my shields, but I don't pretend to say that it's an easy thing do do and maintain because it isn't always.
There are all sorts of hardware firewalls out there being sold to larger corporations that do a great job also in protection from attacks but nothing is permanently impenetrable as the hackers always find ways to exploit systems mainly because somebody stopped being ever vigilant and/or patterns were kept for prolonged periods of time, to missing an update that should be done or programmed to be downloaded on a regular basis with an alert to warn you that you need to perform an immediate new scan on your system so that these hackers don't have optimal times to probe and adjust their own methods of attack also which would in essence leave yourself very vulnerable indeed if you don't keep them off balance and guessing!
Does this mean that if you use the internet 24/7 and are online all the time and are very dependent to being able to do e-commerce, and your site handles many transactions on a daily basis, then YES you probably do need to have someone hired to be responsible in monitoring the system for you and to make the necessary adjustment in order to thwart any potential intrusions if you cannot do it yourself...
So it's a little more complicated than just upgrading one's forum software especially if the other encompassing (Enterprise for example) software and hardware used to protect the entire system and network used to run the forum software is not always updated and checked regularly to properly monitor everything.... I could go on but, I'll just end with the fact that the best we can all do is to minimize the threats as opposed to eliminate them completely because that will never happen, and as I already pointed out in general terms, everything needs to be constantly checked and finally, there are no excuses for not staying vigilant in protecting yourself from attack originating from cyberspace and, even then you cannot eliminate the threat completely but you can keep them off balance and guessing by not establishing patterns of how you protect your systems and how you operate - PERIOD!
Respectfully,
Henry