I am sure you do, but what about average PHP programmer? There are thousands of tutorials on the web which teach the insecure way. And even in this thread, there are many people who mention "ease of deployment" as #1 PHP advantage -- do you think they'll lock down their installs?
So if starting a new project, you either have a choice of going with PHP and trying to re-educate many experienced PHP programmers that their best practices are insecure... or maybe choosing some other language, like Golang and Python, instead. Those languages are secure by default, there is no need to force people to go against the grain.
With the greatest of respect I don't care about the average programmer anymore. People can be incompetent in all sorts of languages. I care about my own work.
I've implicitly mentioned "ease of deployment" myself in this thread, I think, and probably in others, and I don't care for the assertion. I suggest you ask the others who have, what they mean.
"Secure by default" is a big claim. Secure against this particular problem you identify, sure. But let's not over-egg the pudding; there are still vulnerabilities in popular Python frameworks.
So if starting a new project, you either have a choice of going with PHP and trying to re-educate many experienced PHP programmers that their best practices are insecure... or maybe choosing some other language, like Golang and Python, instead. Those languages are secure by default, there is no need to force people to go against the grain.