The only way to fully secure any piece of software (online or offline) is to take it to the desert, drop it in a 20ft hole and dump cement over it. So, 100% continuous, permanent security is not possible (just look at Denuvo).
But, if the question is “Is open source software more secure than closed software” than the basic reasoning behind answering this question is that with open source software (that has a large user base with active feedback) that any security exploits get reported quickly, and therefore can get plugged (fixing said security issue) quickly.
There are somethings you can do yourself:
- Choose a reputable hosting company.
- Add additional protection to your server with a firewall.
- Install a SSL.
- Use a strong password (duh).
- Secure your admin email address with double verification.
- Use an online service such as Securi which will send you a notification (email, sms) when your website has been defaced, hacked, or blacklisted by Google.
Any member can maliciously still copy/paste the information for the rest of the world to see.
A good thing to know about Discourse based on what I’ve read on this forum/meta is that any image, uploaded document (pdf, word, excel, etc.) can be accessed even when the forum is set to private if somebody from outside the forum knows the exact url for the file.