First of all, thanks for handling this so swiftly and taking it seriously. It's good to see how many people are willing to invest time in a forum like this.
That said, I'd also like to make some critical remarks. First of all: shouldn't there be a system in place to make people change their passwords? Right now, I can just continue using my account without changing anything. This doesn't seem very secure. Secondly: I don't think the site becomes any more secure just by getting rid of all the code. Granted, some if it may have been insecure, but I'm sure that code which has been written over the last week is not better.
I hope that especially the second point isn't as big as a problem as I think it could be. Of course, I won't pretend to know what code you used and how safe it is; if it's all part of XenForo I'm sure it's robust.