Thanks. I got an email from vBulletin yesterday about it. There was no reassurance there either. It's true that none are immune to attacks and such. One possible benefit for the open source variants is that the code can be reviewed by numerous eyes to help look for a solution to the problem. We are stuck waiting on the vbulletin devs to help solve this. It's not clear to me if this is a vBulletin 3.x issue as reported with the macrumors case or if it has been verified that 4.x and 5.x are also vulnerable.