I totally agreed with the fact that “PHP itself isn’t insecure”, it depends on how you code in it. I have written most vulnerable code in my life and rewritten quite couple of times. No one cannot bet that PHP doesn’t/didn’t have any flaws/security holes but they are found, reported and fixed quite soon after its release because it is quite popular and holes are found on time.
If someone doesn’t upgrade the fixes on time then that’s not PHP’s problem ! Be updated and write code securely, otherwise your child can get the knife and cut anything.