That’s a fairly serious accusation and warrants an investigation if true. Can you be more specific please?
bbPress does a lot of filtering of user input to avoid these things. What part of bbPress was exploited? A topic, a profile?
Code injection in bbPress installs is usually a symptom of insecure shared hosting, not bbPress itself.