But PHP has more than a few security bugs: in many ways PHP is fundamentally flawed. The program, whose initials originally stood for Personal Home Page, was designed without much thought given to security. Many of the PHP features that make it really easy to write a Web application also make it really difficult to write one that's secure.
All of this matters just now because Stefan Esser, the founder of the Hardened-PHP Project and the PHP Security Response Team (which he recently quit), has threatened to make March the "month of PHP bugs." By that, Esser means that he is going to be releasing a series of security bugs in March that show the world just how unsecure PHP actually is.
What's driving Esser is both a desire to make PHP more secure and a good touch of anger and resentment at the current PHP developers who have taken many of his security patches and incorporated them into the program without giving Esser any credit. You can read more about his motivations in his blog entry and in the interview that he did with Security Focus.
How will this affect users of the Web? Well, a recent "Month of Bugs" project aimed at Apple identified a number of security problems that the company was apparently unaware of, but it didn't result in any serious worms or threats to Apple users. This month of PHP bugs might be a similar bust. On the other hand, Apple was able to push out a fix to these problems using the Mac OS Software Update feature. PHP has no such feature, and many ISPs run kind of elderly (and buggy) versions of the program.
In any thread that reaches this length, issues arise that somewhat depart from the original subject. I appreciate your effort to re-focus the conversation on its point of origin, but after so many comments have been written, "the discussion at hand" inevitably drifts.
"Dangers such as?"
I find it hard to believe that you do not know the dangers. Please google "php sucks" or "php security" and you will discover thousands of articles that address what I referenced above when I wrote "the dangers that arise from using such an easy-to-set-up language as PHP".
I also just posted a long comment up above in this thread, where I post quotes from several articles that have described the insecurity and disorganization that PHP makes so easy to achieve. You can view it here:
http://news.ycombinator.com/item?id=2131602