The WACT (Web Application Component Toolkit) Wiki on PHP application security: "This is a list of common security concerns for web applications that can be or should be solved at the application development level with a focus on PHP solutions." (Through Dynamically Typed.)