
You shouldn't use mod_php.

It's a security nightmare. https://www.php.net/manual/en/security.apache.php

Even Apache httpd discourages the usage of mod_php. If installed, Apache recommends some extra configuration to limit memory leaks. https://cwiki.apache.org/confluence/display/HTTPD/php



There are a lot of strange assumptions on that first page:

- "for example, if you are using PHP to access a database, unless that database has built-in access control" - well, of course I will use a database with access control like MySQL

- "It's entirely possible that a web spider could stumble across a database administrator's web page, and drop all of your databases". Of course I won't run PHPMySQLAdmin or Adminer on a production server, nor will I expose it to the public.

- also none of the above has anything to do with the PHP execution model

The second page might raise some valid issues but for instance the bullet point "mod_php is loaded into every httpd process all the time. Even when httpd is serving static/non php content, that memory is in use" - doesn't matter to me when I am running everything through index.php routing anyway.

"mod_php is not thread safe and forces you to stick with the prefork mpm (multi process, no threads), which is the slowest possible configuration" might be true but also a premature optimization.

Maybe mod_php is really bad but the arguments presented here are not very convincing to me.



