I used it years ago, I seem to remember it was the only thing I could find at the time that ran a BB without using any DB engine - it ran entirely off flat txt files, which meant I could run it anywhere I could run cgi perl. one things for sure... you'll never SQL inject it
It's PROBABLY hugely insecure though... I would spend a few minutes Googling Yabb vulnerabilties and Yabb vulnerability first to see if there's anything in the public domain that'll ##ck you up.
have a nice day