PHP is great and I love it, but there are some basic things that can improve its security: simple modifications to php.ini can really increase security. Locate your php.ini (find / -name php.ini) and then modify the following items:
; Avoids system calls and buffer overflows
disable_functions = exec,system,shell_exec,passthru
; Injection protection
register_globals = Off
; Turns off display of the PHP version
expose_php = Off
; Escape incoming quotes to avoid injection
magic_quotes_gpc = On
These changes go a long way toward protecting your system.
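As an added example that is not part of the original post, here is a small Python audit script that parses a php.ini file and reports which of the four settings above are not in the hardened state. SAMPLE_INI and HARDENED_INI are constructed inputs, and the PHP built-in defaults it assumes for directives that are absent from the file are noted in the comments.

```python
# Constructed php.ini fragment (not from a real server) with a weak configuration.
SAMPLE_INI = """\
[PHP]
; php.ini comments start with a semicolon
disable_functions =
register_globals = On
expose_php = On
magic_quotes_gpc = Off
"""

# Constructed fragment with the four hardened values from the post.
HARDENED_INI = """\
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On
"""

# Functions the post recommends blocking through disable_functions.
WANTED_DISABLED = {"exec", "system", "shell_exec", "passthru"}


def parse_php_ini(text):
    """Return {directive: value} for 'key = value' lines; ';' comments and
    [section] headers are skipped, values are unquoted and lowercased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing/inline comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def is_on(value):
    """php.ini treats On/1/True/Yes as enabled."""
    return value in {"on", "1", "true", "yes"}


def audit(settings):
    """Return a sorted list of findings; empty when the post's hardening is in place.
    Assumed built-in defaults for absent directives: register_globals=0,
    expose_php=1, magic_quotes_gpc=1 (the latter two were removed in PHP 5.4)."""
    findings = []
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",") if f.strip()}
    missing = WANTED_DISABLED - disabled
    if missing:
        findings.append("disable_functions does not block: " + ", ".join(sorted(missing)))
    if is_on(settings.get("register_globals", "0")):
        findings.append("register_globals is On (only affects PHP < 5.4 builds)")
    if is_on(settings.get("expose_php", "1")):
        findings.append("expose_php is On (X-Powered-By header reveals the PHP version)")
    if not is_on(settings.get("magic_quotes_gpc", "1")):
        findings.append("magic_quotes_gpc is Off (only affects PHP < 5.4 builds)")
    return sorted(findings)
```

Run it against `/etc/php.ini` (or wherever `find` located the file) by passing the file contents to `parse_php_ini` and then `audit`; an empty list means all four settings match the post.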