Lets say if some one did db dump of your forum which forum do you think would when in security there ?? or sql injection wise I think xenforo would win since it's from phpmyadmin you can't even find the password table.. this is from ethical hacking point of view