Seriously, how can this still be possible?? Don't developers ever learn? Use / develop a secure database driver and let ALL your database queries go though that driver. And when I say ALL, I actually mean ALL!!! We've had SQL injections 20 years ago. There is no excuse to have your application vulnerable for this ancient shit! Really.
I know that my rant tells nothing new, but as a security professional, this shit is really starting to annoy me. I see this shit every week. And because of developers not being able to write secure code, companies get hacked, personal information gets stolen, governments act tough and come up with all sorts of security theater bullshit which results in my privacy getting invaded. So, yes, incompetent developers fucking their shit affects me personally! I really hate incompetent developers...
I don't care about these results, for the simple fact that nothing guarantees that Facebook won't make any changes to HHVM in the future that is beneficial for Facebook, but adverse for all other PHP based webapplications. PHP 5 is fast enough for me. PHP 7 being significantly faster is more than good enough.
Many people are unenthusiastic about your work.