Harry Fuecks at SitePoint - PHP Security: Dumb Users or Dumb APIs?:
"There’s another round of “Is PHP Secure?” debate happening right now. Chris drew attention to it, pointing to a post by Andrew van der Stock (who’s a contributor to OWASP): PHP Insecurity: Failure of Leadership.
So the usual denials have been made (see replies to Chris’s entry)—”Damn newbies”, “Holes in PHP-based app != PHP insecure”, etc., all of which I agree with. But…
[...] What if Andrew does have a point? What if we’re living in denial?"