Topic: Serious security flaws...
I'm new to the punBB arena, however I'm a professional .Net developer for an agency of the federal government. While looking at the code, there seems to be a lot of overhead and some security flaws. First of all, NEVER EVER EVER put your Select, Update, Insert, and Delete statements in the code (especially the HTML). The best way to accomplish this is to create scripts during the installation process that will create stored proceedures. All the database formats that you are trying to support, support SPs and Macros.
(Not that anyone owes me an answer, but something to think about) - Why would you extend a control in the APP_CODE folder? This creates an enormous amount of overhead for the application (as opposed to simply creating a custom server control extension). The last thing and most important is encrypting the connection string (for obvious reasons). This is extremely easy to do in code-behind. I typically give a button event to encrypt and decrypt the string.
I understand it is just a beta release, just trying to give ya'all some food for thought.