[ukandy]

Running a payment gateway and authentication services is like painting a massive target on your back. The security must be impeccable, one mistake would be a monumental score on the part of a cracker.

A VPS introduces many layers of possible weakness, that could be used a entry points for an attack.

PHP just isn't the right tool for the job. I agree with you, that at this point in time it's secure. I trust that other languages, with smaller, simpler code bases will be more secure over time.