There's some debate in regards to PHP being an insecure language. Might have to do with the fact that over 65% of all websites run PHP (WordPress), and there have been a string of high-profile vulnerabilities in the news in recent years. Not making a claim either way, but could be why it was listed as a negative.