As mentioned earlier, Terry Chay wrote up a good response to common PHP security issues. Now there's this new post on Dynamically Typed with a few opinions on it.
One of the interesting points he makes is that there is a shifting balance between ease of use and flexibility on the one hand, and security on the other. Much of PHP's success can be attributed to its ease of use in early versions. Terry argues that, relative to other languages, PHP is very much focused on flexibility, and that the only solution to the possible security implications this can generate is better education.
He also feels that the language should make doing things the "right way" easiest, but acknowledges that that might be oversimplifying things a bit...