Re: glad its you instead of me.
Whats PHP got to do with this?
Are you suggesting PHP is insecure?
It can be. But theres numerous ways to implement PHP to make it vastly harder than .NET.
You dont even have to run PHP on the same server as your http daemon. That in itself can add extra security. Subject to your config / network security.