SkFor any website that requires anyone (users or even just a few admins) to transfer secrets to and from it, you want to ensure the data is end-to-end encrypted. Today various browsers (like Firefox) give warnings when you're sending secret data (like passwords) "in the clear", namely unencrypted.
Update 2021-11-08: this post is now getting a bit long-in-the-tooth, and I need to update it to use up-to-date components. It might still be useful to folks, but use it with caution. Also, please note, we're using NextCloud with OnlyOffice (the open source community edition) these days.
At the OERu we have two separate instances of market category leading Discourse Forum: one for OER partner and contributor collaborators and the other for learners. These days, online forums are seen as a bit old-school: fuddy-duddy. From my point of view, however, Discourse is "Forum-NG" (a Next Generation forum).