|No such thing as a small change|
I don't quite follow.
perl is written in C as well. It compiles scripts to bytecode which it then executes.
The PHP interpreter is written in C, but does not compile PHP scripts to machine code. It still interprets them.
There's no difference there.
As far as security is concerned, I actually believe there is a whole lot of reasons to distrust PHP. Among others, POST and GET parameter names used to become global variable names - and a lot of folks I've seen writing PHP code still look at me like an alien when I tell them they switch that behaviour off. (Apparently, writing $HTTP_POST_PARAMETER or whatsitcalled for every variable is too much work.) A lot of sins any sane Perl programmer would advise against were freely committed in the PHP world in the name of convenience, and are only slowly being undone.
PHP is nice, sort of like shell scripts - so long as your task is miniscule, it is quite handy and can get the job done in record time. It isn't anything I'd like to build a complex application with however.
Makeshifts last the longest.