PHP is server side scripting language where as HTML is a hyper text markup language. PHP executes (interprets as it is a interpreter) at the server and sends response to the browser where it renders the page where as HTML is client side tool where it executes at the browser and renders the page.
when we speak about security , some people may think about having SSL to the site makes the site secure but PHP is a secure as any other major language , most people think PHP isn’t secure but . The problem with PHP is also the problem with every other single language. you can write insecure code in it, It’s a fundamental problem in every single programming language. The job of security is not up to the language. It’s not up to the tools that you use. It’s up to the people that use the tools. Even the best tools can be misused and lead to major security issues.Most of the other languages have all had vulnerabilities over the years.
Every single developer need to think about security when writing code, but everyone should be aware of security and best development practices. Using many of the PHP frameworks and tools that have come out in the last few years, It actually becomes quite easy to do security and not have to think about it.