UBB is an excellent forum to use but I have a few pointers for Admins of forums...
1) Disable HTML posting.
2) Encrypt the password in the cookies.
I know you're probably saying, "Yeah, Ok, tell us something we DON'T know...", but I have just finished a project that uses the XSS exploit on a whole different level that even the browser patch can't stop.
It's in the form of a Flash app that can do this and do it well!
Disabling JavaScript commands in posts won't even prevent the Flash app from doing its thing!
You see, Flash can create and execute JavaScript commands on-the-fly from within the app and all it takes is some clever scripting to grab the parent document's cookie and strip the person of their identity!
I have tried this app in other forums to great success, maybe pissed a few Admins off in the process, but I've always notified them of the exploit and how to prevent future attacks. I think I just scared the hell out of them...
I think one of the main pointers is to ENCRYPT the password in the cookie, because even if some inexperienced "script kiddie" DID manage to get the cookie, he wouldn't know what to do with the encrypted password... unless he had a good MD5 decrypter, because if I'm correct, isn't the password encrypted using the MD5 process?
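
Added example, not part of the original post and not UBB's own code: a forum can avoid putting any password-derived value in the cookie by issuing a random server-side session token and marking the cookie `HttpOnly`, which keeps it out of `document.cookie` for any script in the page, including script generated by an embedded plug-in. The cookie name `sid` and the `SessionStore` class are assumptions made for illustration.

```python
import hashlib
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"  # assumed cookie name for this example


class SessionStore:
    """Server-side sessions: the cookie holds a random token, never a password."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> username

    @staticmethod
    def _key(token):
        # Keep only a hash server-side so a leaked session table cannot be replayed.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username):
        """Create a session; return (token, Set-Cookie header value)."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = username
        jar = SimpleCookie()
        jar[COOKIE_NAME] = token
        morsel = jar[COOKIE_NAME]
        morsel["httponly"] = True    # not exposed through document.cookie
        morsel["secure"] = True      # sent over HTTPS only
        morsel["samesite"] = "Lax"   # withheld on most cross-site requests
        morsel["path"] = "/"
        return token, morsel.OutputString()

    def authenticate(self, cookie_header):
        """Map a request's Cookie header to a username, or None."""
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            return None
        morsel = jar.get(COOKIE_NAME)
        if morsel is None:
            return None
        return self._sessions.get(self._key(morsel.value))

    def revoke(self, token):
        """Invalidate a session, e.g. on logout or suspected theft."""
        self._sessions.pop(self._key(token), None)
```

A token that does leak can be revoked on the server without the user changing their password, which is not possible when the cookie carries the password or its hash.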