-The open source crowd points out that more people look at and play with the code, and thus are more likely to quickly find (and plug) security holes.
-The proprietary supporters say that since hackers can't see the code, it's tougher for them to find the holes.
Both points make sense initially. However, it's pretty clear that most hackers don't have much difficulty figuring out the holes in proprietary software, anyway. So, that argument pretty much goes away.
As for UBBT vs SMF, communication between the people finding the bugs and the people responsible for plugging the holes in the software is key -- along with timely updates to that software (as Gizmo mentioned above), so the security holes get fixed, made available for download, and are implemented by the forum owners, ideally before an attacker has a chance to exploit them.
Since UBBT 7.5.8's release, I've personally posted several bugs found within this release, and I've shared solutions to correct those bugs. While the bugs I've posted about haven't been security-related, there hasn't been much communication from the UBBT devs with regards to correcting these issues. In fact, there hasn't been much communication from UBBT owners/operators at all.
I'm not sure of the communication timeline over on the SMF forums between it's users and it's devs, but as of this post, their last update was v2.0.7, released 2014-01-25. Its support forums also look more technically active than the forums here.
Is SMF more secure than UBBT?
Is UBBT more secure than SMF?
Is an active support forum important to you?
Are timely updates and bug fixes important to you?
SMF is a free product and its security updates are also free.
UBBT Requires a yearly license fee for access to any security updates.
Does SMF also provide a paid solution (via online trouble-ticket system) for new installs, upgrades, transfers...etc -- and is that important to you?
UBBT is a product that requires a yearly license renewal for access to product updates, security updates and any bug fixes they might release during your license period. You also get a year of access to their support ticket system during that same period. Renewals are less than half of the initial license price.
Without paying UBBT's yearly license fee, you won't have access to product updates, you also won't have access to downloading bug fixes or security updates. Your forum is left exposed to any security holes that are found-and-fixed by the UBBT devs. End users might post security fixes, but on an unlicensed forum it will be up to you to find those solutions and make those code modifications yourself -- IIRC, modifications to the source libraries and scripts voids your options for official support if you decide to renew (someone, please correct me if I'm wrong about this)
Without renewing your UBBT license, you also wont have access to the trouble-ticket system. Though, you will always have access to UBBT's user-to-user support forums.NOTE:
Many of the major internet forum softwares, such as UBBT, require a paid license for support. Xeno, vBulletin, ip.Board, etc...
The items I listed above are not unique to UBBT.
phpBB and SMF are both free alternatives.
A breakdown and comparison of many internet forum softwares can be found at:http://en.wikipedia.org/wiki/Comparison_of_Internet_forum_software