Mike Adams spoke about Three Security Issues You Thought You’d Fixed at WordCamp San Francisco 2013. Although this was at a WordPress event, the security issues he talks about apply more broadly to PHP and web sites in general.
I work with Mike at Automattic and we are hiring. If you enjoy bunny puns you should check out our list of open positions.