Before claiming that a stereotype is false, please be sure that it is. Looking on secunia, PHP 4.3.x has had 4 security advisories this year, of which one is still unpatched. (A remote information exposure bug.) Last year they had 5 advisories of which one is still unpatched. (You can locally hijack port 80.) All of these bugs affected all operating systems that PHP is on.
in reply to Re: Looking for a perl webmail
in thread Looking for a perl webmail
In that time Perl 5.x has had one security hole, which is now patched. That was a buffer overflow bug in the Windows version of stat.
From that I'd say that PHP really does have a security track record that could legitimately cause concern.