I think vBulletin is save but why do they still advice to place an .htaccess in the modcp/admincp dir. It's just if they don't think their own forum software is safe enough? Or has it something to do with the security issues that PHP has? Maybe its because of the bugs that are going to be discovered. Anyway, whats your opinion?

You can never be too careful. In the past we've had people gain access to areas they shouldn't of and because of that, we've taken extra steps for security.

It's always safer with .htaccess also. Exploits and security issues can anways be found, that's why .htaccess should be around also, just in case.

It is a great extra security layer to add on top of the great protection vBulletin offers. Unfortunatly if an unknown XSS exploit is found in the software users could abuse that and then having .htaccess installed helps.

Nothing is ever 100% safe, but if you do your homework on forum/web safety, you can make it difficult for hackers to get anywhere near your forum's files and database.

Despite the quality of the software, nothing is perfect and new exploits are found on daily basis for any of the software you run on your computer or web site.

.htaccess is always on any non-public directory. Heck, half the mods don't have access to our modcp/ directory.

Note: we renamed our admincp/ and modcp/ directory by the way, to avoid auto-hack scripts.

I've not bothered on mine but I insist that my mods and admins change their passwords ever 30 days and have it set to force this.

TBH I've actually got into someone elses ACP before and this prompted them to put a htaccess on the dir but not before they had to fix everything via their SQL database as I'd banned all their admins and mods and changed all the permissions on their forums so that everyone could see the s**t that they were talking and the way in which they were constantly b****ing about everyone.
That is nice to know
:)

/me adds KA's IP to apache block list for certain directories.

There is no such thing as foolproof security. I work for an ISP and we are constantly doing new things to add to the protection we give our customers. The more secure a site becomes, the more challenge it is for people to try to hack into it. vBB offers a very good secure environment, but if you include a .htaccess file, you can be even more protected from hackers.

I've never had a problem with vBulletin being insecure, in my eyes very secure.