Of course; the best comparison you can make in security here is the amount of raw memory access.
People condemn languages for two security reasons: the average level of competence in products usually written in a language, and the amount of footguns a language provides.
PHP is very easy to learn, which is why a lot (really, a _lot_) of open source software is of very questionable quality. For many, it's the first programming language someone learns, which means the quality is often far from what a developer is capable of with a little more experience.
PHP also has a lot of weird functions and behaviourisms, all perfectly well documented (but nobody really reads up on the details of `isset`, it seems). APIs seem inconsistent and mysql_escape_string and its cousin mysql_real_escape_string tell a story of a problematic history. There's also the typing issue that plagues all loosely typed languages.
I personally consider Go to be more secure of a language than PHP or Python because the behaviour is a lot easier to understand.
Of course properly written, typed, well-tested PHP can be a lot better than many Go products, but the expectations for the different language are just different because of the different levels of experience programmers are when they start with each language.
Every language has its troubled history, but PHP is especially famous for security vulnerabilities by either beginners or intuitive API design.
It might have something to do with the fact that PHP is still taught in a lot of web dev classes (though NodeJS has taken its crown) and that Go is relatively unknown for beginning programmers. Python generally just runs on your own machine because it's not as optimized for being a web language like PHP has been.
If you heard anyone discuss language X being more secure than language Y, then I'm sorry - but that person has no clue what they're talking about.
PHP is as secure or insecure as Pythong / Ruby / Go / <insert language here>.
Hammer depends on the one holding the hammer.