"People should not expect PHP to be able to enforce security boundaries on a developer that has permissions to run custom PHP code," Gutmans said. "It's an inherently flawed scenario — and it's the wrong layer to protect in. People must rely on properly-configured OS-level permissions for securing against untrusted developers."
We can found no scientific discipline, nor a healthy profession on the technical mistakes of the Department of Defense and IBM. -- Edsger Dijkstra