PHP web site compromised

Nothing but it probably shouldn't be possible to cause your whole interpreter to segfault due to incorrect use of an API. That's a violation of the layers. If I want segfaults I'll program in C. Otherwise I expect to get errors at the standard level of abstraction of the language, so that e.g. I get a stack trace of _my_ code at the time of the error, not a stack trace of the interpreter.

I think the complaint about XSRF etc is there because PHP was intended to be used to create websites and not much else, so lacking essential tools for creating secure websites seems like a valid criticism. It's incredibly rare to see it used for anything else. If it's not ready for website creation out of the box, what is it ready for?

As for sort vs rsort, there are 12 slightly different sort functions mentioned in that post. Most other languages have 1 (maybe 2: in-place vs copy) and a way to make it behave as needed (PHP's usort, essentially). Yes, some of those 12 only exist to provide "a" and "k" versions but what about natcasesort? What if you want to do an ksort but use the same criteria as natcasesort, in reverse?

This shows a lack of wisdom and good taste (or even just an ability to copy what's done well in other languages).

I've worked with people who will happily just copy that chunk of code from X to Y and modify one line instead of stopping to think how to making a function out of it. These people always have a host of other bad practices and in some cases have written such terrible code that I've actually spent more time dealing with it and fixing it than if I'd just written it from scratch myself.

PHP's API has exactly that feel about it.