Its not about PHP, any vulnerable software may be used for infection.

PS You're safe if you have no server :)

the php dropper discussed is the least interesting part of the article. it could be implemented in any language.

Furthermore, if your web server (or database server, or any other interet-facing service) is vulnerable, it won't matter which programming language you are using. Assume that all input is hostile.

Only as the dropper. Presumably the other parts of the malware (libworker.so, etc.) could be repurposed and coupled with a different infection system.

I'm assuming the down votes are because you missed the point of your parent. The example uses a PHP script for uploading the payload, but that can be swapped out for nearly any language on a server. They all require an exploit to get the dropper on there anyway, so that's a barrier. PHP isn't the point here though, it's the interesting damage the exploit that gets pulled down by the dropper can achieve, without needing to use privilege escalation.