I believe the statement
"PHP web applications are one of the most commonly attacked pieces of software on the Internet"
Is not because PHP itself is inherently insecure but that it is one of the most widely used systems for web applications.
I cannot advise on the follow up statement
"problems that may be easier to solve by limiting the privileges of the PHP interpreter through other means."
But on my reading around this issue there seems to be a consensus that safe mode is approaching security issues from the wrong angle, i.e. putting locks on the front door without checking the windows.
But I am in no way an expert on this.
Security and privacy
Security Issue of Moodle
This discussion has been locked so you can no longer reply to it.