Yes, you are right, but then it isn't good to compare free (open source) and paid forums. Usually paid products get better support, and it's better coded.
Today all mayor forum script, don't have "children's disease" (RFI, SQL injection, XSS...), as I said all security holes comes with 3rd...