As far as open-source forum software goes, phpBB is about as secure and reliable as you can get, and my experience with it has been positive. It has a relatively solid reputation, and I believe phpBB3 has in recent years been subjected to an external security audit. Of course, you need to do your part in keeping it (and any software it relies on) up to date, and exert caution when installing third-party plug-ins. If you are paranoid or dealing with truly sensitive data on the server, and your budgets allows for it, you could always consider getting a seperate server or hosting package for the forum and host phpBB on a subdomain.
Heh. I remember when one forum I'm on upgraded from php/bb2 to 3 because they found a security loophole in 2 that you could drive a truck through. (Don't remember what it is, but definitely something that could occur in real life.) The other advantage of 3 is that huge numbers of popular third-party mods from 2 are now built in so you don't have to deal with all the compatibility issues and each module's own potential security flaws.
Problems also arise when you don't or can't keep up to date, because sooner or later the people up top will stop supporting the older version. So don't get something that your present hardware and OS can only barely handle.
phpBB is very stable and secure now IMHO. I've been using phpBB since 2001 and the security patches and software releases are less frequent today than they were a few years ago. I agree on the add-ons. I get by with as few add-ons as possible. The worst part is when you become dependent on a plugin/addon and then the developer stops supporting it and you wind up removing it later because it's so outdated and *insecure*.