1) YOU CANNOT MAKE A PHP SCRIPT THAT IS UNCONDITIONALLY SECURE. This is because it runs on a web server which has security flaws, using the php engine which has security flaws, over the http protocols which have security flaws, on an operating system that has security flaws.
2) YOU CAN MAKE A PHP SCRIPT THAT IS COMPUTATIONALLY SECURE. So your script will be penetrable but it will be significantly difficult that the hacker won't bother.
3) ANY SYSTEM IS ONLY AS STRONG AS ITS WEAKEST LINK. Make your program more secure then the rest of the system and you're in good shape.