There is nothing of potentially insecure redirecting to your own domain or subdomain url. But by default phpBB do not let redirect out of his install folder. As the comment explain about this function, at line 2283 of file phpBB includes/functions.php:
If you find out a different way, secure as the one i suggest on wp_w3all procedure, and better than this to redirect external phpBB, just suggest it please. In the while the procedure to follow is here:* This function is intended for urls within the board. It's not meant to redirect to cross-domains.
phpbb login-redirect
There are tons of posts about this argument www. I have resolve in this way at moment.