Not true...I DMZ'd my system to listen for a while and Comcast uses Hubs here, which explains why its soo slow and shoddy. Hubs mean that all packets are being forwarded to all destinations. If you use any public free wifi you are at risk for password. You can get a free SSL Cert from Comodo. It expires every 90days, but its well worth it

Jamie,

Nearly all web-technologies protect against PHP injections, because well, that's easy. You would have to be using bad PHP development techniques to have PHP Injections work...like building the datastructs prior to running it through the PHP engine, or using a PHP page to generate a PHP page...You should only ever use PHP to generate an xHTML page, never a actual dynamic response. The important one is SQL injections, which phpBB sanitizes pretty well..there are a few very obfuscated SQL attacks that still can be done, but they require a LOT of time to figure out the intricacies of this server (what character sets PHP supports versus the HTTP daemon versus the DBMS).

I guess the only problem with SSL is setting up a dedicated IP for the server. I can add an IP for like $1/mo up to like 6 IPs. Is this something worth doing still?