Even if someone got the database, PunBB passwords are protected by not only hashing the password but also salting it. I don't remember where the code is to hash PunBB passwords since it's been quite a few years since I've had to poke in their source code but I do remember feeling more secure after seeing how they encrypt their passwords.
SSL will not protect the database from being hacked. It's only meant to secure the connection from your browser to the server.
As far as "not having any sensitive information," I disagree with this philosophy, since people are entering passwords here. Hell, I had the TDV account logins go over SSL when it was commercial (both for the website and for the server) for this very reason. Anywhere where there is a password involved, you should consider it as containing sensitive information, or eventually we'll be saying that "well, this site only asks for your ssn, so it doesn't handle sensitive information."
The rule of thumb in the software world is to always assume the user is not smart and to do what you can to protect the user. So we can't assume that people on here are actually smart and do use different passwords. Not everyone will have a "fun-only, throwaway password" for things like AG like I do.