PDO is a binary extension...so while there is a slight over head...honestly the performance loss is minimal, considering you get data access abstraction.
Speed: PDO is slower then mysql_*. It might not make much difference for small to medium sized apps but once an app gets big enough the difference in speed will be noticed.
What, you mean manually, so a programmer can forget and have a SQLi injection occur because of human error? :P
PDO may have an advantage over mysql_* with the use of prepared statements but I feel that any values for use in a query should be escaped and validated before being added to a query.
PDO handles escaping for you...
That is why PDO is said to be a data access layer not a database abstraction layer...besides it could be used in conjunciton with an OQL which would then offer a complete and robust database abstraction layer. You would be able to literally and seamlessly switch RDBMS with the flip of a switch. That is the eventual goal of Rapid Database.
Each database has it's own variations of SQL, until all databases use exactly the same SQL command set, in exactly the same way
If you know you are always going to use MySQL sure...but most developers (for one reason or another) like the option of being able to make the switch. I always use MySQL (I have never used another database in fact -- other than Access or SQLite) but I still prefer PDO "just in case".
To handle the various databases PDO must have the code for communicationg with them but if you know that you will only ever use MySQL then a lot of the code in "baggage" as far as your app is concerend as it would only need the code for accessing MySQL