Absolutely. No, actually, after the exploit was announced, PHP was patched and you had to run the latest, latest greatest version. People who ran their own servers had to upgrade their servers quickly and did not have time to run a proper validation. People who did not manage their own servers had two choices: turn off their forum or pray the script kiddies did not find them. The analogy to Windows 1.0 is not very accurate. It is not even accurate to compare to people who are still running SP1 and have not upgraded to SP2. It is people who are running SP2 without hotfix KB3434321-ab-prime2. As for alternatives, there are a lot of forum packages out there. Few are as feature-rich at the price point (free) of phpBB.
Yes, PHP is the real problem. I am running the most recent version now. I also have a backup drive I did not have before. I am told the latest version of phpBB (2.0.13) is safe, but it seems it's a cat-and-mouse game when the 'fixes' are made public... http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 So that's why I'm wondering if there are better (safer) programs to run. I lost all my data, which means I have to start from scratch anyways. I'll be f*#cked if I'm going to let this happen again. A wise man once said 'no lunch is free'...maybe I'm better to purchase a good forum program.
You should also consider installing Bastille (assuming you're running a Linux box). It hardens your system nicely and provides daily emails letting you know if your security's been tested by crackers.