We are currently testing both the newest code in the SVN and preparing to test Perl 'Taint Mode' - Taint mode requires that any variables passed to a 'require' statement must be 'cleaned' to ensure no badly configured paths or file names are passed through. (The downside, this checking appears to slow things down on loading - but the slowness could also be my internet connection.)
Ideally all paths to files to be opened should also be cleaned but YaBB's mechanism for opening and closing files is really complex and convoluted.
The version of YaBB 2.7.00 in the SVN is now up to 1966. The updates include html fixes, more uninitialized variable fixes, and security fixes to issues revealed by bots attempting to do things they're not supposed to.