How are the passwords stored? What hashing algorithm is used?
It seems to be SHA-1 salted with the username, though I'm not totally sure.
Who has access to the database?
Gavin, Sirius, and me. Slicehost (and maybe Rackspace) also has access, since they host the server
Is the forum vulnerable to attacks? Has it been tested for security holes?
It uses SMF plus some mods and a small handful of custom changes. Hopefully SMF is well-tested and able to contain poorly-programmed mods
I did a cursory examination of all mods before installing them, but I certainly don't understand SMF enough to judge their security well.
Is there anything the users community can do to help?
Tell me privately if there are any security problems. I will fix them ASAP.