Drupal module maintainers, and security issues addressed


By David - Posted on 29 September 2008

Here is an outline of the module/project maintainers and their qualifications, covering the modules I recommended as well as the relevant modules for use on Drupal forums. Almost 100% of these are highly qualified developers (most are core contributors; this is not the case for "all" areas of Drupal modules of course, but the forum-related modules are maintained by a very strong group):

http://drupal.org/project/userpoints
Maintainer: kbahey ... one of the top contributors to the Drupal project, member for over 5 years. Owner of 2bits.com, gives talks/presentations on Drupal, often releases useful performance benchmarks and other tests on Drupal.

http://drupal.org/project/flag
Maintainer: quicksketch ... core contributor (for instance, added Drupal 6's drag and drop functionality), employee of Lullabot, which is the largest Drupal training and development company. Member for about 3 years. Also maintainer and/or heavy contributor to several others of Drupal's most popular modules: Webform, Fivestar, Link, ImageField, ImageCache, etc.

http://drupal.org/project/print
Maintainer: jcnventura ... member for over 1.5 years, has 1625 commits to Print module in that time.

http://drupal.org/project/votingapi
Maintainer: Eaton ... core contributor, works for Lullabot, extremely active in the Drupal community.

http://drupal.org/project/fivestar
Maintainer: Eaton ... see above. Also this module is "a tentatively officially supported Acquia Carbon project" (Carbon is a commercially-supported release of Drupal 6 + a predetermined set of modules for guaranteed functionality and support, run by Dries Buytaert, the founder of Drupal).

http://drupal.org/project/plus1
Maintainer: Chill35 ... member for 1.75 years, runs popular blog 11heavens.com. This module is also completely optional (unnecessary unless you desire digg-like voting).

http://drupal.org/project/notifications
Maintainer: Jose A Reyero ... member for over 5 years. Also contributor of the i18n module and runs the Drupal Spanish site.

http://drupal.org/project/subscriptions
Maintainer: salvis ... member for 2 years, also maintainer of ACL module (one of the most popular access control modules), Forum Access. Has 418 commits to Subscriptions module.

http://drupal.org/project/forum_access
Maintainer: salvis ... see above.

http://drupal.org/project/notify
Maintainer: matt2000 ... As the other subscription modules are much preferred, this one is only mentioned for completeness.

Here is info on the relevant forum-related add-on modules that are listed here: http://drupal.org/node/227121

http://drupal.org/project/privatemsg
Maintainer: litwol ... Works for fastcompany.com (which converted to Drupal), member for over 2 years, is the organizer/manager for the New York Drupal group.

http://drupal.org/project/user_badges
Maintainer: Heine ... member for over 3.5 years, well-known and respected member of the Drupal community, member of the Drupal security team.

http://drupal.org/project/flatcomments
Maintainer: Heine ... see above. This module is only necessary if you dislike threaded discussions and want to ensure that all comments occur in sequence from oldest to newest or vice-versa.

http://drupal.org/project/user_stats
Maintainer: Liam McDermott ... member for almost 2 years, also contributed the vBulletin to Drupal converter. He runs a popular Drupal-powered forum http://www.webmaster-forums.net

http://drupal.org/project/signature_forum
Maintainer: Liam McDermott ... see above. This module is unnecessary, but useful if you want a variety of expanded functionality for signatures.

http://drupal.org/project/user_titles
Maintainer: Agileware ... member for almost 2 years

http://drupal.org/project/bueditor
Maintainer: ufku ... member for over 4 years, also contributor of one of the most popular media/image management modules for Drupal, IMCE.

http://drupal.org/project/quote
Maintainer: Zen ... member for 3.5 years, contributes to a variety of popular modules such as Privatemsg, Organic Groups, and Devel.

http://drupal.org/project/smileys
Maintainer: Gurpartap Singh ... member for almost 3 years, contributes to a wide variety of modules and themes.

http://drupal.org/project/commentrss
Maintainer: Gábor Hojtsy ... he was the core committer for the version 6 branch of Drupal core. Member for over 5 years and prolific contributor.

Module security

Regarding the "Brilliant Gallery" module's security issue that was brought up in the mailing list: that was caught by the Drupal security team, which does go through all of the contributed modules (as best they can, of course, given the volume) seeking out security issues. The Brilliant Gallery module is not likely used by any serious Drupal site admin (its low quality is pretty clear from viewing the demo or trying it out).

Since literally "any" member can contribute a module to Drupal.org, it is important to assess the quality and security of any module you choose to use on a Drupal site (similar, of course, to choosing which programs are safe to install on your OS). If you don't already know from experience which modules to choose, a plan of action that tends to be effective is to read several of the highly detailed case studies that have been written about a number of high-profile Drupal-powered sites. The case studies almost always list the modules that were used. Here is a link to case studies: http://drupal.org/success-stories ... particularly helpful ones include: New York Observer - a newspaper site, The Rake Magazine, The Vintage Aviator - Build Story, Popular Science, and many others.

Benefits that Drupal modules (both core and contributed) have regarding security and future upgrades:

- All module projects are hosted locally on drupal.org, where they can be easily located and tracked. A detailed history of every step of development is available, and there is a direct line of communication to report issues/bugs and request support from the maintainer. Unlike other systems, you don't have to go to countless 3rd party sites to download modules. Even if the module is abandoned by its creator, that has no effect on its continued availability to users.

- Any member of the community can easily take over or assist with the maintainership of an abandoned module by following a pre-defined set of simple steps.

- All modules are 100% GPL (some modules may contain non-GPL components but those pieces are not distributed with the module itself... an example is TinyMCE).

- Update notifications... Drupal 6 core comes with "Update Status", which monitors all installed modules and informs you the instant any new versions come out. Security releases are highlighted and pushed harder to convince you to upgrade those sooner. Adding on the Update status advanced settings module also adds enhanced options and email notification.

- The Drupal Security team searches through not only core modules but also contributed modules for security flaws. After a patch is prepared for any security flaw that is discovered, a security bulletin is sent out to subscribers of the Security newsletter (which of course "every" Drupal site admin should be subscribed to).

- In the future, helpful metrics on module use, ratings, etc. will be available on drupal.org module project pages. For the time being there is this excellent resource: http://drupalmodules.com

Performance

I am currently learning how to bring the out-of-the-box forum module up to the performance level seen on the example sites I've mentioned. This info is a bit harder to find, since the "average" Drupal site is nowhere near the size where this becomes an issue. I'll be sure to share my findings.