Hey Nick, yes that is one way to do it, although in the current interweb, not necessarily the best way (BTW my current gig is Systems Security and PSec Engineer for BAE Systems, just to give you some context of my thoughts). The history (and construct) of this site is very different to the original depot that your dad set up. As I understand it (Dante correct me if I'm wrong) Dante had been involved in a ada Faceb**k thing and had a craving for what we had (forum wise) when your dad ran it all. So he used SMF and set up the current forum using his hosting mob. Initially it was a subdomain under his Graphics business site. It's not a huge problem to point the domain any where we need it (though takes a little time as San owns/pays for the domain name). The recent problem was because Dante's hosting mob sold a bunch of it's customers to another hosting mob. Once San moved the IP address to the new mobs nameserver(s), all was good again.
I have no issue with someone setting up a computer to run it all (like your dad did, & as you suggest), but then it needs to be maintained, patched, protected etc as it will be attacked constantly. We all do this in our "spare" time. The reason registrations are disabled is because I/we don't have time to keep the miscreants and internet arse holes off the site (I used to spend 3 to 4 hours a night after work every day cleaning up the shit they post/leave etc, mostly to get their google score up). Moreover having a SSL/TLS cert won't stop any of that.
Now making the site https is somethings Dante and I (and even Van before he deleted himself) were discussing. My motivation for it is that browsers are starting to insist on it. This is a public site so tunneling posts through TLS (I assume you know SSL is now deprecated) is of little relevance to us. As a http site, users passwords are however, in the clear and susceptible to Man in the middle (MITM) attack. How much do we care ? There is no reason to care about posts, they are public, passwords is an issue (that does worry me), but the main driver would be browser functionality, we are getting closer to browsers not letting you connect to anything that doesn't have a valid TLS cert. I'm not sure a free TLS cert is a good option, they are routinely abused. But we have been talking about making the site https. Ideally we would use TLS 1.3 as TLS 1.0 and 1.1 are now deprecated (SSL is a thing of the past as are MD5 hashes).
Unless someone wants to do all the effort of hosting the site on their own equipment (and ISP bandwidth), using a hosting mob is an easier and, in most ways, a more secure way to go. They do the security patches to the virtual servers and backups etc and provide some protection from DDoS and hopefully provide some basic IDS & IPS capability.
The original depot site was in a different time. Internet connection was via 56kbs (if you were lucky) modems. Yeah there were bad guys, but nothing like today.
Dante has done the backend hard yards for us, well it's really his site, he set it all up and he pays for it (albeit, more recently, we did get some donations to help him), also we don't allow adds and we have no affiliations, if there's no $'s involved, we are less a target.
Cheers R