Security-aware PHP programming
David Sklar: PHP and the OWASP Top Ten Security Vulnerabilities
John Coggeshall at ONLamp.com: ONLamp.com: PHP Security, Part 1, Part 2, and Part 3.
Clancy Malcolm at ONLamp.com: Ten Security Checks for PHP, Part 1, and Part 2.
Jordan Dimov at PHPAdvisory.com: On the Security of PHP (Part 1)
Quite old: Shaun Clowes' A Study In Scarlet - Exploiting Common Vulnerabilities in PHP
And, of course: The PHP Manual on Security