encryption ssl phpbb

What encryption does a phpbb forum use on a domain without SSL?


I have set up a phpbb forum on one of my domains and as far as I know the site doesn't have SSL encryption (I'm not willing to buy one and neither does the site have a self-signed certificate, because when I access it I get no security warnings). May I ask what encryption that phpbb system uses, and is it secure to run this forum software without encryption?


Solution

  • The danger with phpbb (or anything else for that matter) is not whether you run the site with SSL or not. How you manage user input is far more likely to compromise your site.

    SSL is ONLY used to protect user information between the client and server and to certify that the server is what you expect it to be.

    Bugs or design errors in phpbb that attackers can utilize to gain control of your site are what you should worry about. SSL cannot protect you from that.

    Passwords for phpbb should be salted and hashed in the database in case the site is compromised. This will make it harder for attackers to gain access to other users' data.

    Blog posts I believe are NOT encrypted in the database and thus will be revealed if there is a successful attack.
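
The salted-and-hashed storage recommended in the answer above can be sketched with PHP's built-in password API. This is an added example, not part of the original answer and not phpBB's own code; the `$users` array stands in for a users table, and `register_user()` and `check_login()` are hypothetical names.

```php
<?php
// Added illustration, not phpBB's code. $users stands in for the users
// table; register_user() and check_login() are hypothetical names.

const HASH_OPTIONS = ['cost' => 12];

function register_user(array &$users, string $name, string $password): void
{
    // password_hash() draws a fresh random salt on every call and embeds it,
    // together with the algorithm and cost, in the string that gets stored.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
}

function check_login(array &$users, string $name, string $password): bool
{
    // Unknown users are checked against a dummy hash so that both paths
    // perform a full bcrypt verification.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT, HASH_OPTIONS);

    $known  = isset($users[$name]);
    $stored = $known ? $users[$name] : $dummy;

    // password_verify() re-derives the hash using the salt stored in $stored.
    $ok = password_verify($password, $stored) && $known;

    // Upgrade the stored hash transparently when the cost setting is raised.
    if ($ok && password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return $ok;
}

// Constructed sample data: two accounts that share one password.
$users = [];
register_user($users, 'alice', 'correct horse battery staple');
register_user($users, 'bob', 'correct horse battery staple');

// The two stored records differ because each carries its own salt.
var_dump($users['alice'] === $users['bob']);

var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong guess'));
var_dump(check_login($users, 'mallory', 'anything'));
```

This covers only what a stolen database reveals; without SSL the password still crosses the network in the clear on each login.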