Any language, including PHP, is neither secure nor insecure inherently. The critical factor is whether the application developer has taken care to secure his her code throughout the development process. In a shared environment however, special attention must be given to choosing a PHP SQL hosting provider that is aware of security implications of the PHP hosting environment.

An excellent article on the topic of PHP and security reads in part:
As with any powerful tool however, there are certain risks and dangers associated with the use of PHP....By being aware of the risks and observing some simple secure programming rules, it is possible to significantly lower the risk of security compromises....There isn't a definite omnipotent solution to all security problems, and in fact, the very concept of a system that is in a fully secure state is rather ethereal. Instead, security should be viewed as an evolving process, requiring constant supervision.

Some security considerations relative to selecting a php virtual host are whether 777 permissions are required, register_globals issues, whether PHP is running in safe mode, and whether file upload forms will work. Some PHP hosts will make it all easy, others simply won't be able to support your scripts.

Advancedphphosting.com is an informational resource on hosting sql PHP websites and choosing php hosting sites. It is hosted and sponsored by Modwest.