2.) From a security standpoint what is a better, open-source replacement to PHP?Ruby, Python, Java, C#, all of which are type safe, and therefore much more secure. All have open source implementations, including C# http://www.mono-project.com/Main_Page Crispin
Being type safe does not mean you can't screw up when validating user input. Also, PHP can be type safe, if you choose to use it that way.
None of these languages will fix badly written code for you, so they aren't more safe. You don't need to secure the specific programming language, you need to secure your own lazy ass producing bad code. Also, there is no better, open source replacement for PHP.
I got a good suggestion for you guys... if you don't write any code, it will be PERFECTLY SAFE! How does that sound to management?
If you write code, it will have bugs, and it will have security holes, so live with it. No matter how many graphs you draw and talk about it... in the end, it will still have bugs, and you won't be able to quantify them.
SkyFlash