it lets you do https for free so that passwords and posts aren't leaked to the NSA.
Users, if you picked a password that you use on other sites, the NSA now knows it, your ISP knows it and everyone grabbing the data you transmit to this site knows it.
Likewise, responses by ddovault aren't encrypted so anyone in the middle can change the content of those responses, inject harmful scripts or other.
Hosting a forum that is not encrypted and authenticated by default is careless.
I was running a free forum hosting service based on YaBB2 once. But that was over 15 years ago.
On the upside yeah it's mature and doesn't require a database.
On the downside, when was the last security audit again?