PHP is not inherently insecure—but some deprecated and now removed or disabled-by-default features were in the past. It all depends on the way apps are developed on it. You can create web apps with security vulnerabilities in any language/framework you use, whether it's PHP, Python, node.js or anything else.

Regarding scaling, node.js is probably faster because of the JIT compiler, but this doesn't mean that scaling is not possible. Wikipedia is PHP, Wordpress is PHP, and Facebook is also PHP (with HHVM).

> It also doesn’t scale well for the size of modern web communities.

I guess this would be more of an architecture question, rather than one of the runtime itself.

There are many sites out there that scale decently that are running on slow or sometimes slower runtimes than PHP, like Python (the Django framework comes to mind) or Ruby (the Ruby on Rails framework comes to mind). For example, consider the following: https://www.techempower.com/benchmarks/#section=data-r21&l=z... (disclaimer: sometimes benchmarks contain pretty optimized code, but here I'm selecting for the more idiomatic and boring ones; I don't want to show the benchmarks that show PHP ahead of everything, because native plugins are used there)

Someone mentioned Wikipedia and WordPress being PHP, I'll also mention Instagram and Spotify using Python and GitHub and GitLab using Ruby. If your app is architected well, then performance of any of these runtimes (or others) can be good enough, though of course one can also talk about some of the benefits of needing less resources to do more (e.g. with Go, Java or .NET, or even Rust).

Though admittedly, PHP is also popular in shared hosting, which might give it a bad reputation due to the architectures typically employed there (single server with single instance) and security has indeed been a topic in the public eye, especially because PHP was easy to get started with, which lead to a lot of projects by devs that weren't skilled.

That’s a reputation PHP has been struggling to shake for a long time now, but it isn’t the case as of the more modern versions.

Nextcloud being slow as a dog hasn’t helped my opinion. Most fast php sites seem to achieve speed mostly by aggressive caching to serve static content outside of php or having a setup that supports adding infinite servers to scale up.

> It also doesn’t scale well for the size of modern web communities.

What do you mean? Old forum codebases can generally easily support tens of millions of users, what “community” is bigger?