I don't know the details here, but its quite likely it "only" has to do with certain forum back end software.
TapATalk is a component that is installed on the web server as part of your forum software, so it has access to everything basically as far as the site is concerned.. RF uses VBBulletin and is at least one major version behind from what I can tell. (upgrades aren't always fluid, sometimes it doesn't make much sense to do them, and its happened before that sites basically get lost in the process) Its quite feasible that the issue was patched in newer versions, or only in other back end software.
Again, I DO NOT KNOW THE DETAILS, just adding a reasonable guess as far as what might/could be occurring.
You could likely PM Rev at R2r, or even just start a question thread on other forums to see if they are aware of vulnerabilities.