It seems to me that if someone wanted a web application framework to be successful that focusing on a strong, yet unobtrusive, security model would be important. One reason PHP is avoided by many developers is that so many PHP applications are full of security vulnerabilities. I’ve always been a fan of escaping all content except when otherwise specified, the opposite of how Rails operates. I remember investigating early plugins to accomplish this but without much luck. It seems like there has been a lot of activity in this area and I thought I would investigate the landscape again.