myforum365 doesn't use a secure connection when you change your profile ie it's http://.... not https://... so it's probably not very secure from hackers at all. Your r3ok password is really there to protect you from the curious not the malevolent.
Even a HTTPS site isn't exactly secure. If neccessary, it could be hacked by posing as a fake Certificate Authority and fooling the computer in thinking it is talking to a server with a genuine certificate.
Please do not become alarmist, just because a site isn't HTTPS it doesn't mean it isn't secure enough for the job it does. I'm pretty sure the BBC boards are HTTP, were people worried about the security there?
I'm not saying sites won't be hacked, but I'm saying that in this case it is very very very unlikely that it is this site being hacked and not an issue the users end.
I wasn't being alarmist Michael, quite the opposite - I wouldn't expect security here to be as good as my bank for example - purely for the reason that I wouldn't have sensitive information here, even my email address doesn't refer back to me. Hence I would not be too worried if someone were able to hack into my account. What would worry me is if they were able to do so because they'd hacked into my PC - as you say, Milly might need to look at her own security from the sound of things. Although I doubt whether anyone able to access her m/c would bother to mess around with her r3ok account in the way described, they'd be after her bank account or credit card details. It sounds to me more like a bug in the software.