Normal websites only have to worry about automated vulnerability scanners, weak admin passwords and common misconfigurations when it comes to security.
BitcoinTalk.org is in a different kind of situation. It is in the cross-fire of cyber-warfare. Plenty of malicious hackers use this website for nefarious and non-nefarious reasons. It is likely to be the target of 0day exploits. Anything that runs on BitcoinTalk.org needs to be battle-hardened. We should be running OLD software that is known to be highly secure and stable. 3 year old web servers are a definite no go. We should be using 30 year old web server software. Some hacker would be browsing the forums one day, accidentally break something some hipster wrote yesterday and then realize they've just found a 0day in node.js and decide to own the forum.
In our defence, Node.js is used by big companies like Wal-mart and PayPal, so we won't be alone when a vulnerability is found. Also, I'm sure that our Google-level security bounties will help persuade people against attacking us maliciously.
That being said, I wasn't party to the negotiations, so I have no idea what language the forum will be built in.
Wtf kind of shit is this, building a software studio for one fucking forum
Well, when you have a few million dollars just sitting around, you might as well. Seriously, we're making enough money that we can support a dedicated full-time development team indefinitely, if we wanted to.