
No it is not. Arguably, it never was. I mean yes, PHP had security bugs. So did all other platforms - including, for example, the Java one that led to the Equifax compromise, which is as close to "everybody just lost their privacy" as any single break-in can get. I'd argue that PHP's security stance as a platform was never substantially worse than any comparable platform.

However, you get two additional factors: a) it's easy, therefore it attracts beginners and b) it's popular, therefore a lot of software uses it. More various software - more security issues. More software implemented by beginners - a lot more security issues. That was inevitable - any platform that had as low an entry barrier and was as popular and that appeared at the same time, when the web was exploding, but the understanding of how to manage security on the web was lagging behind - would have absolutely the same going on.

But, blaming the tool because a lot of people didn't use it correctly - and, also, because due to its novelty there weren't proper education and frameworks that made it easy to do the right thing - makes little sense. There's nothing security-challenged in PHP. It's just that PHP was there when security-challenged programmers started to build websites. Most of them have grown up now and know how to do it right. Either in PHP or in any other language.



