cgi scripts and php scripts and security of scripts?

CGI scripts could be put out of the web root, so it could be a little safer than put in the web root.

But PHP scripts should be in the web root, so it is less safe than CGI scripts in this term?

Any comments?

See your other post.