It seems that there is a heavy security issue in PHP. It involves the way it handles POST method in html forms. You can find more information about the bug in e-matters Security and from PHP.net.