I know my old forum hoster www.thebestcode.com had hosted me a forum, and is still using phpBB 2.0.8.
The admin can upgrade from 15 to 17, but be warned they will change to 18 soon since I spotted something wrong with 17.

Anyway, when you change files you have to change a lot of stuff.
There's probably about 1000 users using the free forums, and it would take forever to inform DB to all of them.

Anyway, I just update the files and nothing bad will happen.
Normally, if a hacker knows what version you are using, they normally know what to do.
If you change and confuse them, they won't know what to do; it's kind of a security thing I picked up over time.