Correct, YouTube uses Adobe Flash Player to play FLV files.
There have been a million Flash Player vulnerabilities in the NIST database, but I don't know any specific attack vector used through forum imbedding.
I'm not saying there aren't any. I just don't follow that stuff that closely.
My philosophy is patch and take your chances.