The WACT Wiki now has a page about Php Application Security which (I assume, judging from the style) Jeff added. Right now it’s a pretty much a checklist for things to watch out for, plus links to many a bedtime read (or not if you like to sleep well).
Although the WIKI was originally intended for documenting WACT, it seems to have taken on a life of it’s own, with pages like that about the Template View having become almost infamous. Good to see it’s become a shared resource, useful to PHP developers in general.
Feel free to add your input to Php Application Security and the pages leading off from it.