>but even then a badly designed PHP script can open up your server to everyone and everything.

That's why if you code a WELL DESIGNED PHP script, PHP doesn't suck and isn't unsecure. Amazing! As posters in the beginning of the thread have stated, learn it before you hate it. It's very possible to code a PHP script which can't simply be altered by outside means.

Of course, I'm going to admit right now though that NO CODE is ever 100% secure. There's always another way in EVERY language where the server can be broken into.