For me the worst PHP sin is coupling of presentation with business logic. It's not that you can't write it in a better way, but it doesn't encourage you to, and if anything it encourages you not to.
A large number of security vulnerabilities are associated with PHP sites, too. I can't prove it is disproportionate (after all a lot of sites are written in PHP), but I suspect it is. If I'm right, then since security vulnerabilities are a class of bug, I suspect PHP sites tend to be more buggy on the whole also.
(I don't think that pointing at a few large sites and saying they managed to do it in PHP is any argument against this, by the way. It's a bit like saying that cigarettes don't cause cancer because your next door neighbour smoked and lived to be 100.)
