The forum ID is that they have access they just change posts or topic numbers!
I think otherwise... they copy topic/forum/post IDs to edit and then substitute "their" allowed forum ID. At least this is the way I did it on my own.
There is certainly a fix, and I'll try to look at it ASAP. The problem is in index.php, where $isMod is assigned... but it needs some time for me to think about it deeper, as it appears to be not an easy fix. I hope to come with the solution soon.
Thanks for this report!(The bug has been fixed in miniBB 3.0.3).