[SquareWheel]

That's not unreasonable considering that PHP is by far the most popular server-side language. It's not like we have many hackers targeting Erlang instead.

[rglullis]

It's out of proportion. Take as many Django/Rails/ASP.Net exploited sites that you find and it won't hold a candle to PHP.

Also, want to talk Java? Let's not forget that log4j was exploited precisely because of implicit string conversions.

Implicit f-strings are a really bad idea.