We should be running OLD software that is known to be highly secure and stable. 3 year old web servers are a definite no go. We should be using 30 year old web server software. Some hacker would be browsing the forums one day, accidentally break something some hipster wrote yesterday and then realize they've just found a 0day in node.js and decide to own the forum.
Vbulletin 3.8.7 PL3
It's super secure, this version never got hacked yet.
But Hell, current software is good too.