Exactly. I agree with that entirely. I’ve seen some really really insecure .NET applications in my life time. I’ve fixed a lot of insecure .NET applications. Same with Ruby, Python, Perl, PHP. It doesn’t mean the language itself is insecure, it simply means the programmer didn’t do their due diligence.
However. It can be proven that PHP among other languages (.NET, Ruby) do have security holes within the language itself. That’s what patches and updated versions are for though…