From what I remember of php applications written around 2009, a lot of them had SQL injection and bizarre roll-your-own-security vulnerabilities. There were some pretty appalling things like the same (wrong) CSRF token validation code being copy-pasted into fifty different files, or passwords saved in plaintext, or customer credit card info sent over email, or every single site being mashed into joomla and drupal no matter whether it actually fit and then never updated.
There are a large number of non-professionals and beginners coding in PHP, they start from say an existing WP plugin ,open it in notepad and start editing until it works,
it happens in JS land too, find some js package made by a newb and run a linter on it, I see issues on code that is written by coders with a few years of experience where they do not use properly the array functions, do not use correctly the lamda, they copy paste same code in 3 or more places.
Do you think that all js,Ruby or Pthon dev would properly use SQL without an ORM? I dpn;t think so, I found recently bugs in a JS codebase where file upload would fail if the file had non US characters in it's name because some parameter was not url encoded, so all developers make mistakes and ORMs were not popular at that time to prevent this kind of mistakes for SQL.
These are all examples of pretty amateur mistakes. This reads more like an argument for keeping senior devs on the payroll than a warning about not using a framework.
A framework will not prevent things to become a mess, in the angular project I inherited in most places the rootScope is injected everywhere, I do not blame the developers either, the angular architecture is not great and when you have a lopt of new tasks for you to implement you don't always have the time to reimplement things, but sometimes the correct solution is not used , though you may want to claim that your favorite framework makes it harder to do the wrong thing.
