The OP's suggestion is unnecessary, in general.
As you mentioned below, hackers can hack both the forum accounts and emails used to register accounts.
Most of the time, hackers got accounts from hacked emails.
why would hackers unable to use it forever?
this force password reset system would still be useless without email confirmation link
even with confirmation link, hackers would just change the registered email right after they hacked the account
because changing email (on this forum) doesn't require clicking on confirmation link, just provide locking mechanism
The most interesting thing implemented by our beloved admin, theymos, is if one account changes registered emails two times, the account will be locked, and confirmation link will be sent to the original email to unlock account.
In reality, the security mechanism has shown its power to clean out all hacked accounts.
As usualy, theymos has demonstrated that he is not too dumb to give hackers so many free space to use the forum as their land-fills.