I checked further. There is a bug on HEAD. Look in forums-security-procs.tcl. If user_id is not specified to assumes registered user for checking permissions.
Around line 65 can_post_forum_p procedure.
I am not sure what exactly the goal of that change was, but I am pretty sure it is not working as expected.