I wish I would have time to study punBB's code :-)
Well, I've come up with another solution, so called "tokens"/"hidden fields" as suggested on Wiki
In the terms of the speed it doesn't require a lot of resources: this cookie is being set only once when a member or admin is being logged in. It will be deleted when the browser is closed, and re-generated when it's opened. It is read only when topic or message is being deleted, so basically the resources it uses are closely to zero.
I've temporary updated miniBB forums only following this solution, and my colleagues agreed it's the best in the term of the security/simplicity. However I will wait for other comments regarding this to be sure this is exactly how
we would like to fix this issue. Basically, it requires update only of 4 scripts and a template, which contain just few lines of the new code.