what would you suggest? for all its faults, PHP has seen a lot of hardening efforts over its lifetime and its security flaws are well known and can be compensated for.
but on the other hand, it is better than having unknown security properties like e.g. ruby or javascript on node.js. While node is built on the venerable V8 engine which has strong security roots, its core libraries and dependencies are less well explored. Plus javascript is generally a terrible language for secure programming.
I'd rather have ample documentation on how to harden my PHP application than no documentation on how to harden my Node application. Security through obscurity is no security at all. Plus, many of the mitigation strategies are simply rules like "don't use mysql_query" or "use htmlentities with ENT_QUOTES and UTF-8 to escape your output", both of which can be built into a framework. See: laravel.
[edit] downvoting is much easier than formulating a response, isn't it?
You are argue that php is better then than using ruby or javascript. Now I could perhaps weight in on that somewhat dubious claim but I'd much rather ask why are you restricting the pool to php, ruby, and javascript?
Why not Python, or Go, or even Haskell? There are many languages other than the three you mention which have much better reputations for secure web programming.
You likely got downvoted because you presented a false choice to back up your argument.
I chose the languages above mainly due to their popularity outside the sphere of silicon valley - you are right that I should have included python in this list, but go and haskell are still only popular in a very restricted audience and I myself haven't used them - they may well be better for secure programming, they just didn't come to mind when I was thinking of examples.
* The language itself has a pretty good security track record
* The more popular application frameworks (Django, Flask, et al.) seem to be doing pretty well
* Process isolation techniques are well-known