Among these points are comments about PHP5 features that "could be helping Wordpress users right now" including:
- Parameterized SQL input to eliminate SQL injection attacks
- Filter extension to combat XSS, CSRF, etc. attacks
- Prepared statement/transaction support in PDO and MySQLi
- Improved OOP features and support (code quality, extensibility)
Ed pushes that it's not about the slow adoption of PHP5 in other places. Its about the slow adoption of it in Wordpress so far as it relates to Matt:
The thing is, support of PHP5-only features in WP would give it better speed and security right now. And especially in the case of security, Matt’s reliance on what users say they want is a critical error: users don’t ask about security until well after it becomes a serious issue. Wordpress has one of the worst security records of any PHP application, so I'll go out on a limb and say that it's a problem now. Even if WP users aren't talking about it, WP's core dev team should have addressed this already.