PHP programming was written to be an easy language to program. Completely opposite to being very security oriented. It was so until the 4.1 version. Undeniably, Php has grown to be popular in the short term. But it also created many, many, very badly written scripts. And it gave a very big number of programmers a mindset which is not inclined to the security aspect of programming. Maybe, the main reason behind it, is the automation of conversion by PHP of inputted data to script variables using or enabling though php.ini setting register globals. In the 4.1 version of PHP, this type of behavior was left enabled but was not recommended to be used. With PHP 4.2, this type of behaviour was disabled by default. It broke thousands and thousands of scripts worldwide. This dilemma led to forcing the coders to write more secure codes. They made scripts break. This was opposed stongly before but somehow they saw that the move was a smart one.