I was just wondering because I noticed the letters A-E being used in my password which seemed easy to decrypt. I noticed the salt and login key too, but just how secure is MyBB? Let's say one of our boards gets compromised. Would a hacker be able to brute force everyone's passwords?
Yes, only if they have a good list of passwords. But since there are tutorials out there on how to change the hashing algorithm to bCrypt, I'd do that if I were you.
Yes. MyBB uses salted MD5s, which can be brute-forced at around 3 billion attempts per second on a modern GPU.
So yeah, consider making the bCrypt modifications for your users' sake.
That said, as long as you keep your server and forum up to date and properly limit access to data such as your backups, it's unlikely someone is going to get their hands on the hashes in the first place.
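The following is an added example, not part of any post in this thread and not MyBB's code: a rehash-on-login migration that verifies an existing salted-MD5 record and, on a successful login, replaces it with a slow, memory-hard hash. Assumptions: the legacy layout md5(md5(salt) + md5(password)) is MyBB 1.x's scheme as known from outside this thread, scrypt from the Python standard library stands in for bcrypt, and the record fields (`scheme`, `salt`, `hash`) and sample values are hypothetical.

```python
import hashlib
import hmac
import os


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def legacy_hash(password: str, salt: str) -> str:
    # Assumed MyBB 1.x layout: md5(md5(salt) + md5(password)), hex strings joined.
    return _md5_hex(_md5_hex(salt) + _md5_hex(password))


def slow_hash(password: str, salt: bytes) -> str:
    # scrypt is a stand-in for bcrypt here; both are deliberately expensive per guess.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32).hex()


def verify_and_upgrade(user: dict, password: str) -> bool:
    """Check a login attempt; upgrade a legacy record once the password is proven."""
    if user["scheme"] == "md5":
        expected = legacy_hash(password, user["salt"])
        if not hmac.compare_digest(user["hash"], expected):
            return False
        # The plaintext is only available at login, so this is the moment to rehash.
        new_salt = os.urandom(16)
        user.update(scheme="scrypt", salt=new_salt.hex(),
                    hash=slow_hash(password, new_salt))
        return True
    if user["scheme"] == "scrypt":
        expected = slow_hash(password, bytes.fromhex(user["salt"]))
        return hmac.compare_digest(user["hash"], expected)
    return False  # unknown scheme: fail closed


def make_legacy_user(password: str, salt: str = "aB3dE9xZ") -> dict:
    # Constructed sample record (hypothetical field names and salt value).
    return {"scheme": "md5", "salt": salt, "hash": legacy_hash(password, salt)}


if __name__ == "__main__":
    user = make_legacy_user("correct horse battery")
    print(verify_and_upgrade(user, "wrong guess"), user["scheme"])
    print(verify_and_upgrade(user, "correct horse battery"), user["scheme"])
```

Accounts that never log in again keep their MD5 record under this approach, so the upgrade only protects users as they return.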