[bgraves]

I don't have any first hand knowledge, but I generally stick with the conventional frameworks for any significant projects (programming language agnostic) especially when user data or authentication is concerned.

Here's a few potentially helpful links:

SO Community wiki on PHP Frameworks: http://stackoverflow.com/questions/2648/what-php-framework-w...

SO discussion thread on custom php frameworks:http://stackoverflow.com/questions/2885384/custom-php-framew...

SO discussion on using custom frameworks vs. Zend:http://stackoverflow.com/questions/4368316/looking-for-custo...

Creating a Secure Login System the Right Way:http://tinsology.net/2009/06/creating-a-secure-login-system-...

I think the biggest reason to use a framework is because of all of the unknown unknowns about web security. You certainly don't need a huge framework to handle the basics of web development, but once you get into anything past that it's better to have a framework. Andre Torrez wrote a memorable piece on just some of the unknown-unknowns [1]. There are a million little pieces that are non-trivial to the success and safety of web apps that need to be addressed.

[1] http://notes.torrez.org/2010/12/learn-to-program-in-24-hours...