As tampabay stated, php apps(and any other) have security issues emerging all the time as the technology evolves and becomes more widespread, naturally baddies will find exploits which could be used for web defacement among other things. Many of the exploits used on php based programs implement XSS(Cross site scripting) I suggest reading up on any app and its vulnerabilities before installing it. Heres some php/phbb links to get you started....

http://www.securityfocus.com/infocus/1706
http://httpd.apache.org/info/css-sec..._examples.html
http://icat.nist.gov/icat.cfm?cvename=CAN-2002-0473

-Maestr0