Security is also one of the reason I didn't want to use publicly available SMF.
I have always made a good care of security (I am paranoid from nature) and had a lot of friends that helped me with that.
If you want to attack some site, the best thing you can do is to find out CMS they are using, download it and search for $_GET, $_POST, $_COOKIE and $_SESSION variables and find out which user inputs are not secured. I say also $_SESSION because when server is wrongly configured, these can also be changed from user's side.
Another thing you can find in some public CMS systems are default passwords, hierarchy and security of folders containing sensitive data and some other nasty stuff.
Damn, those were creepy 7 years of my life...