PHP can do cool things, even if it does suck. (Whitespace errors, anyone?)
Still, using web power tools like PHP means you can really fuck things up in a big way. And if you don’t, I’m sure those damn script kiddie hackers will be happy to do it for you.
So here’s a nice little checklist of issues you can be on the lookout for. Most of this stuff is just defending yourself against your own stupidity, but hell, that’s half the battle.