Please consider a create a xenforo version.
Especially considering that XenForo is more vulnerable than vbulletin in some ways: in the sense that it has no separate modcp which means that no directory passwords or separate logins are possible.
Correct, but moderators have access to admincp, so its not possible to add an extra layer of protection between moderator accounts and administration functions.