I'd say that's a good follow-up that fits in here.
I think it's taking the "separation of concerns" idea too far to use it in this case - request and response are generally closely related, and you will frequently need to use some of the request parameters in rendering the response. If JForum used JSP then this would happen automatically. Since it uses FreeMarker, all parameters required in the response are set in the
Action classes. Sure, the authors of JForum could have decided to add code that sets all request parameters all the time, but I agree with this limited approach simply for security reasons if nothing else (minimizing the attack surface in case of FreeMarker vulnerabilities).
By the way, if you post questions on multiple sites then
you should https://coderanch.com/how-to/java/BeForthrightWhenCrossPostingToOtherSites for the reasons explained on that page, and provide links to those other discussions.