SECURITY: Password Reset Facility

FAO: Webmaster

I think you should increase the security of the “I’ve Forgotten My Password” facility.  It asks you for your registered email address, and then mails you the matching forum username and password.  What it doesn’t do is force you to immediately change the password, as is usual with the other forums I inhabit.

Thus, if a Bad Guy gains temporary access to your email address then they can easily discover your forum login credentials without you knowing that has occurred.  It’s not too serious (they _do_ have to be able to read your emails) but it is contrary to the behaviour of every other forum in my experience.

[Discovered while having trouble logging in for the very first time, which actually turned out to be due to my having cookies disabled … doh! … maybe a note about the need for cookies could be put on the registration page.]
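One way to build the forced change the post asks for, as an added example that is not the forum's own code: the mail carries a single-use, expiring token instead of the stored password, and redeeming it replaces the password, so a reset performed by someone else stops the owner's old password working and is noticed. The `Account` class, the function names and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not taken from the post


def _hash(password, salt):
    # Passwords are stored only as salted hashes, so they cannot be mailed back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:  # hypothetical in-memory account record
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.reset_hash = None   # SHA-256 of the outstanding token, if any
        self.reset_expiry = 0.0


def check_password(acct, password):
    return hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt))


def request_reset(acct, now=None):
    """Return the one-time token to be mailed; the password is never sent."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.reset_hash = hashlib.sha256(token.encode()).digest()
    acct.reset_expiry = now + TOKEN_TTL
    return token


def redeem_reset(acct, token, new_password, now=None):
    """Set a new password if the token is valid, unexpired and unused."""
    now = time.time() if now is None else now
    if acct.reset_hash is None or now > acct.reset_expiry:
        return False
    offered = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(acct.reset_hash, offered):
        return False
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash(new_password, acct.salt)  # old password stops working
    acct.reset_hash = None                         # token cannot be replayed
    return True
```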

