In a new post, Pádraic Brady asks a question that has bothered many a PHP community member at one time or another - "is one insecure PHP application too many?"
Unfortunately the nature of PHP as a programming language is that it's easy to foul up. And this has inevitably left the responsibility of security completely up to the individual programmer. The results have been less than comforting, leaving an internet populated by God knows how many insecure PHP scripts and applications written by well-meaning but woefully undereducated programmers and casual users.
He goes on to discuss the education of programmers, PHP security resources, how the community reacts to the pressure of a wider audience hearing about the insecurities surrounding PHP apps, and some of the efforts the PHP development group is making to help (like the filter extension).