So BE WARNED - there are security holes in v.2.0.13 and they have been discovered....
While you may be right, all of the attacks I've read about so far require more than "just" PHPBB
2.0.13 to be successful.
Example: the "admin_styles.php" vulnerability refered to in several threads here requires that the attacker obtain admin rights by some method,
and that the template directory permissions be set incorrectly, or the attack fails. The default install for PHPBB sets the permissions correctly, and the instructions include an admonition to verify those permissions.
Another attack requires that you have installed an insecure MOD, or the attack fails.
Still another requires that the admin password be subject to a dictionary attack, which will work against
anything that has an insecure password.
And one published attack vector even includes the changes necessary to close the hole (two lines added to sessions.php). I suspect that just making sure that userID 2 isn't an administrator would blow up that attack, too.