There were several ways of introducing harmful html in earlier versions of the ubb with people sneaking it in the tags used for their images. I believe the last time we were hacked a few months back was for the very same reason. I know of another time or 2 that never made it to widespread knowledge of people being able to do similar activities.
6.3.1 contains the latest security patches for all known hacking possibilities.