Setting up a forum is an interesting experience.
Using the plugin wpForo I created a simple forum.
It’s relatively easy to register an account upon it.
However this made me worry about what these new users could do with their accounts.
Using a test account I registered and then connected my new account with WordPress using Jetpack:
Since you apparently can’t prevent all users from connecting their accounts with Jetpack they gain access to this:
/wp-admin/admin.php?page=jetpack#/settings?term=Site%20Stats
Where you can check/set who can see your sites stats on jetpack.
But other than that the only worry seems to be bots using their profile pages and posts to display malicious links.
This seems simple enough to prevent.
I usually just delete any subscribers that haven’t posted anything.
Since setting up my forum I have had several users register, all of them bots.
None of them have been able to cause any damage and not a single one has attempted to post anything.
On one hand that seems like a vote of confidence in terms of security and spam prevention.
On the other hand no one uses the damn forum!
Edit: if you want to prevent spam registrations I’d recommend Anti-Spam by CleanTalk.
It’s free, easy to use and so far it seems to be working for me.
Which is good because I was getting annoyed by all the profiles with casino adverts.