Both languages can be used Insecurely. However, building web applications using modern architecture rather than php will lead to less security vulnerabilities. For example, building secure apis and using zero trust communication between the client and apis. Also using server side languages that provide some level of protection against mistakes like leaving open injection gaps. Unless you are security scanning an application you can’t say for certain it is secure. Security is a methodology not necessary a language although some languages do make security gaps less likely. Furthermore, building apps without being concerned for modern ux is doing a major disservice to customers. A pleasant modern ux will destroy a old legacy server rendered app with a bunch of page loads any day. Also pos systems are a little different than web apps even though they can be built as such since pos need to be always available. Therefore, it is typical to run the front end directly on the hardware and sync with a remote data server or api.