Redirect them to a page they can look at.
Suppose this situation occurs:
A search engine finds a post it cares about at http://example.com/forum/5/51. That post is deleted. A user searches, and is sent there.
Would you rather have them see "you idiot! do you think you can haxor
me!" or your opening page? 
If you want to make the distinction between "possible hacking attempts" and "pages that don't exist" you can probably render :file in your controller, and directly render the 404 file. If you do this, be certain to set the 404 response code. However... would this break some web caches, since the 404 response might be cashed? I don't know.
I'm comfortable in displaying a message like "You cannot edit this item" and redirecting them to the item's display page (if it's public) or to the list of items they can see, or to the home page, as appropriate. I do the same thing for "record not found" as "you cannot edit this item" in the redirect part. I just flash[:notice] them about their lack of permission too.
--Michael