As said, cgi/perl scripts can be more harmful to the server in general. PHP scripts are usually more secure, as long as certain things are checked and filtered(injections, etc.).
In all truth, ANY application that has it's scripts freely available to the general public CAN be a target of an attack. ANY server that is not secured can allow for malicious acts to be taken upon trusted scripts.
It comes down to the server, scripting engine, the scripts themselves and the public user group. If you can secure the first three, the fourth becomes very limited in ability.