Don't be in a hurry to scroll through my post - it's not about the code, the threshold of entry, frameworks or lack of backward compatibility.
I relate to PHP from the side that is concerned with its hosting and security. Of course, now it will not be difficult to stuff the code with the interpreter into the container, but here's the safety ...
Look - every time you access your code through the web interface, you launch an interpreter that reads all the files and generates a response. Including the file where you so carefully specified the access to your database. And do not rush to encrypt it - after all, you also need to take the decryption key somewhere, right?
I just already see how, using one of the vulnerabilities of older versions, an evil hacker breaks your application in ancient PHP5. After all, no one supports it anymore, and the lack of backward compatibility prevents you from switching to the new version.
And so the evil hacker pulls the file with the database access, happily reads and grins, launches a request for execution, which pulls your lady out of the database and meekly gives it to the villain to be torn apart.
And it doesn't matter if you have a regular blog or business card site there. And if an online store? What if a financial application?
Don't say there is no PHP in fintech. There is. I have personally seen.