Analogies are by their nature imperfect. The analogy here is that <item> is being criticised in ways that are no longer true, where <item> in the case of PHP is specfically "insecure by default", regardless of it's many other flaws. Seems fair to me.