This type of structure (which yesterday I learned it is called 4th level domain) 
is technically possible, yes.
This is not what @Tgr said. The idea is general for web security and not specific to this site: vulnerabilities in a subdomain may extend to the domain and to other subdomains, and this is a good reason to think it twice before mixing different applications under the same domain.
Discourse is a well maintained software that releases updates basically every month and especially highlights security updates. This forum is hosted in the server of the company leading the development of Discourse, and we get the security patches and other updates as soon as they are released.
I agree, and we trust this platform and this contractor. They have gone through the security and legal review process common to all our deployments of third party software. This is explained in this topic pinned to ensure that anyone interested doesn’t miss it: User privacy considerations in this forum.
We can safely go back to the discussion about names and domains.