My 30 or so words,
most of the man in the middle attacks are as GigaGreg pointed out are for anything to do with money and the representation of pricing.
Security can be beefed up on the forumwith ssl, but at the cost of performance, and one of the fine arts of running a successful forum is speed
The other side of the coin is that you have to ask yourself the following question,Are my assest at high risk or not, and be honest with yourself
Will a hacker want to deface your presentation of your personal assest for his personal gain, to be honest, like i have read over countless of forums they find an exploit, even if you have ssl and either change your home page or they leave you a note if they are polite.
But to add ssl on a forum, something that even hackers, when they are been normal people use is just a waste of time in all sences.
as for a WordPress site or any other CMS script portals, I would sersiously beef up my securty on my servers before adding ssl and even ssl on the fly creation
Always remember the following
A request from one person take x time from the server, now add the creating of the ssl cert to that time
now multiply that by 100 users
also every user to your website uses your precious ram, now also add the ssl cert proccess to your ram usage.
webhosting is about fine tuning, and using only the services required, just because it is therem does not mean that you should use or install it for the idea of better security.
a term used, is called "server hardening practices" would get you far greater security than anything else and at no loss of performance
also best practice and a flaw we do make at times is to use similar passwords between systems, now that is the worst mistake we can make.
PrestaShop has something listed about password policies on thier forum, somethng to go look up and think about.
but what a great thread to start, maybe it should be under the tech section
Everyone could maybe post there idea's and server hardening pratice, oh wait there is one already somewhere