This “where or how should I build my PDO object” decision has nothing to do with security, at least not directly. So, you are ok on that.
I’d say, using the trait for the PDO object building, as you have in the second example with the Blog class, isn’t really the way you want to go about it. To make my concern more clear, I would imagine you would need the PDO object for other calls to the database within one request of your application. Correct? How would you get the PDO object out of your Blog object and into the others to use it? In other words, you shouldn’t really be creating multiple PDO objects with traits within all those classes, which need access to the database. In general, you should only be building one PDO object and passing it to the classes that need it. So, DI is closer to what you need. This will help you later with testing too.
Can you also post the code you have under ConnectPDO?
Scott