[dumbphone]

> (can't believe I used to use pure PHP!)

Actually, pure PHP (I assume by "pure" you mean "with no framework") is the safest of all, providing that the programmer is experienced. Hackers target known vulnerabilities in popular frameworks/CMSes/etc., so with a homemade mini-framework built by an experienced programmer you're better off security-wise than with a popular framework.

My point is not that you shouldn't use a framework. I personally love Django and two or three PHP frameworks. I just wanted to add a little perspective to the discussion of "pure PHP".