That is incorrect. There are so many cookies you can access. There is also a link to the forum, which could be intercepted and there is something for someone to pretend to be an "admin" about.
"Hey, so I see you are new here, I am going to need you to make a new password. You can just send a message in this format,
Old: OLDPASSWORD
New: NEWPASSWORD
and we will set it. Sorry for the inconvenience, we just moved over to a new system and the devs messed something up haha."
When thinking of security on the internet, it is important to think of every possible situation. Hackers can be quite creative. There are at least a million variations of the website redirect where it tells you to download a virus but it is "windows-fix.exe"
While you are somewhat accurate, since no sensitive information is actually passed through it, there is a way to get that information.