I think it's slightly troubling that toribash has not become compliant with the EU's General Data Protection Regulations.

Some of the regulations include, but are not limited to:

1. The right of erasure. All individuals must be granted the "right to be forgotten". All data on an individual must be erased. You have one month to respond to an erasure request.
2. The right of access. Individuals have the right to access their personal data. You also have a month to respond to such a request.
3. The right to be informed. You must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with.
4. You must ensure that you have appropriate security measures in place to protect the personal data you hold. which falls nicely in with Dinis' suggestion for HTTPS.
5. You have a duty to notify the relevant supervisory authority within 72 hours of becoming aware of a breach, and to notify the affected users.

For a more comprehensive guide on GDPR please visit the ICO's website.

Issues I see with these forums becoming compliant:

Seeing that vBulletin version 4.x.x is no longer supported, it is safe to assume that vB3.8.2, the version toribash is currently running, is also unsupported. So my bet is that the easiest way for the forums to become compliant would be updating to vB5.
Further reading: here.