If the nightmares come from integration when embedding a forum as a commenting system into another site, like WordPress [1], I can’t give you any technical explanations — but I’m using Discourse that way, and plenty of others do too, without issues.
If (and when?) you are using Discourse in a standalone way, as the majority does, your main site is just another link inside Discourse. Then, the security of that site/server comes from what happens there, of course. And the security of hosted Discourse is the headache of CDCK, not yours.
But I bet there are more self-hosted instances than CDCK’s, and again, others can give you more robust information, but I’ve never heard of cracked or hacked Discourse instances.
I don’t know if hosted forums even have that ability ↩︎