I think the original script it was based on didn't even have login per se. You just occasionally stuck in an admin password hard coded in the PHP to do a one time post delete or whatnot. It's mostly an anonymous forum after all. As more moderation functions grew a real login was needed and grafted on. Users still didn't have a login for a long time and instead had a special part of their username that was hashed when displayed to prove identity.