Simple precautions can be taken:
Make sure conf_global.php has only 444 permissions, and that everything else has 755 permissions. The only folders (recursively) that should be set to 777 are downloads, public, cache, and uploads. (Credit to IPS for that tidbit)
As well, any passwords used to access something that controls your forum (SSH, FTP, and/or Control Panel), make sure they are all different. This way if someone gets your forum password, it's not the end of the world. Another good thing is to change the admin directory, and put a password on it. This way if they find your hidden directory, they still need ANOTHER login to even access your ACP. :)
If you use cPanel, Kloxo or something similar, you should create a client/reseller account that does not have the privileges to delete MySQL databases/rows. This way, you can randomly generate a massive password for the main account, and write it down (so it can't be electronically hacked), and if the account you created gets hacked, your databases won't be compromised.
I've done all of that, it works very well. But you can only protect yourself so far. Good luck!
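
A read-only audit of the permission layout described above, as an added example that is not part of the original post. It assumes the four writable folders sit directly under the forum root, and it skips files inside them because the post only specifies folders there.

```shell
#!/bin/sh
# Added example: report every path that deviates from the layout in the post.
#   conf_global.php                      -> 444
#   downloads, public, cache, uploads    -> 777 (directories, recursively)
#   everything else                      -> 755
# Assumption: the writable folders are direct children of the forum root.
# Usage: audit_forum_perms /path/to/forum   (prints nothing when all is as expected)
audit_forum_perms() {
    root=${1%/}
    {
        # conf_global.php must be read-only for everyone.
        find "$root" -type f -name conf_global.php ! -perm 444 -print |
            sed 's/^/want 444: /'

        # Directories inside the four writable trees must be 777.
        for d in downloads public cache uploads; do
            if [ -d "$root/$d" ]; then
                find "$root/$d" -type d ! -perm 777 -print |
                    sed 's/^/want 777: /'
            fi
        done

        # Everything else must be 755. The writable trees are pruned from
        # this pass, and symlinks are skipped (their own mode is meaningless).
        find "$root" \( -path "$root/downloads" -o -path "$root/public" \
                -o -path "$root/cache" -o -path "$root/uploads" \) -prune \
            -o ! -name conf_global.php ! -type l ! -perm 755 -print |
            sed 's/^/want 755: /'
    } | sort
}
```

Each output line names the expected mode and the offending path, so a world-writable folder outside the four listed ones shows up as a `want 755` line.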