A site run remotely from multiple locations is hard to secure. I'd say the site itself is reasonably secure. Individual accounts are a different story. I'm sure password1 and 1234 has been used on here.
Before reading your post I didn't know anything about how the 2015 hack occurred. It shows that the forum itself is very secure but if the service provider gets phished into resetting the root password that all gets bypassed. The problem with individual accounts getting hacked is that they are inactive accounts so they are unaware that they need to change their passwords. I would guess all the easy passwords were broken a long time ago and hackers are cracking some of the more difficult ones now.