I'm not sure how building forums with software like SMF works, but if BitcoinTalk is 'just' a specific configuration of SMF 1.1.19, are we essentially looking for bugs in SMF 1.1.19?
Or was SMF 1.1.19 modified in some way or another?

I'm asking because it usually makes sense to look for bugs in a locally installed version of software opposed to pentesting a live system.