>>27
I guess OOP is more about design than security.
I did figure out how to prevent that >>26 from working.
If you declare members of a class static and private and use protected methods to handle them, then you can prevent their visibility (in this case).

<?php
class foo {

  private static $key = "password";

  protected function show() {
     echo( self::$key );
  }

}

$obj = new foo();
$a = (array)$obj; 
echo $a; // An empty array gets printed
echo foo::$key; // Fatal error
echo $obj->key; // Fatal error
foo::show(); // Fatal error
$obj->show(); // Prints key as expected
?>

So it seems that $key is nicely hidden this way.