[mercurial]

Your rebuttal would only be correct if the two following propositions were both true:

- software cannot evolve

- the notion of sanitizing input/output has magically appeared out of thin air in the last 15 years (I'm pretty sure that Perl Mason could do that when it first came out, around the same time PHP did)

Since clearly neither is, attributing the current state of affairs to bad technical decisions early on followed by inertia is the most logical explanation.

It's like comparing Java and C#: C# has managed to regularly introduce interesting features, while Java has stagnated for a long time. Of course it's easier when you start from scratch, but especially for simple features like escaping, which I highly doubt would require major changes in architecture, there is simply no excuse.