I have been taught, in programming web applications:
- separate code from data
- separate code from presentation
in short: three layers:
- database
- business logic
- presentation
Whoever said you couldn't do all that in PHP?
<snip>
With a proper templating language, you can't do these things. So 90% of your security problems are solved. In PHP you can do this. You can embed SQL queries in your HTML pages and do all sorts of things - so how can you learn good practices? I try to train the programmers I get - and the ones who come from a PHP background drive me crazy.
The fact that needles hurt people doesn't stop companies from manufacturing them because they are *useful*. Just because PHP *allows* you to embed random pieces of HTML anywhere, doesn't mean you do it. There are at least a thousand frameworks and templating systems for PHP out there.
And I can think of certain cases where you might just want to, for example when you're making your "Personal Home Page" and you don't give a damn about things like MVC because you don't know how to program.
And NO, you don't need to be a *super hacker* to write good PHP, you just need some common sense. I don't see why it is difficult to write good code in PHP; it's just like any other language.