I don't think PHP's secure by design, because they allow developers to be vulnerable by some of PHP's defaults. And actually Pert Soomann pointed one of them out.
Although I don't believe that's an issue in new versions of PHP.
And now-a-days I believe it's mostly developers' fault for insecure PHP applications. Especially since PHP-7.2.x ships with lobsodium for cryptography, htmlentities for XSS protection, filter_var for both validating and sanitizing variables(I don't see many apps use this though).
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Examples to back this statement up?
I don't think PHP's secure by design, because they allow developers to be vulnerable by some of PHP's defaults. And actually Pert Soomann pointed one of them out.
Although I don't believe that's an issue in new versions of PHP.
And now-a-days I believe it's mostly developers' fault for insecure PHP applications. Especially since PHP-7.2.x ships with lobsodium for cryptography, htmlentities for XSS protection, filter_var for both validating and sanitizing variables(I don't see many apps use this though).