It's not that it's secured with PHP, it's that it's not secured properly. Given the scale of this screw-up, there's nothing tying it to PHP, and it could've been done in the HN language/platform du jour.
Maybe it's not the language, maybe it's all correlation and no causation, but software that happens to have been written in PHP does not have a stellar security track record. My logs don't fill up with lines like:
HTTP POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Yep. We are talking about cloud services revolution but the sad fact is that I can't trust these incompetents with my shopping list and need to maintain all my data and backups myself.
