Focus on the dream, not the competition.
I'd just like to provide some food for thought on websites and website design. This is my philosophy, and is not to be taken as gospel. I am not a website designer nor do I have any ambition to be one, but I do know a thing or two and have my perspective independent of any presented by the W3C (World Wide Web Consortium) or any others. My particular perspective comes from watching the web progress, little by little, from its humble beginnings (including a time before web browsers, when gopher was king) to what it has become today.
While my thoughts may not appeal to all, they have merit to me, so I judge things based on my experience. As a UNIX systems and network administrator, I pride myself on the security of sites I maintain. I've been around the block long enough to know that no site connected to the world is safe. I also know that there are millions of insecure sites (discounting Windoze systems, they are inherently insecure) begging to be abused by script kiddies. But that doesn't mean relatively secure sites are safe either.
I have had systems I administer broken into. These break-ins I've been able to trace back in every case. And in every case, the break-ins have been a result of poor security practice by users or client demands that certain (what I consider unsafe) software be used. I have also found that warnings don't help; these clients and folks need to suffer through the consequences, and still often wish to continue, unabated, on their insecure course.
So without further ado, I present here my philosophy.
Today, few are the folks who do not use the web. A large number use it for entertainment, to look up information, to buy things, etc. A good number are impatient. Most just want a pleasant experience, and if a site doesn't impress them (worse if it actually is unpleasant to the eyes in some way), they will leave and not come back. So what makes a site that folks will return to? Why would you (or I) not stay or not return to a site?
A good website is all about aesthetics. It has to be visually pleasing, easy to navigate, and communicative (and this is a two-way street folks). That means that above all, content is important. But if that content (be it words or pictures) can't be seen or read or doesn't convey the appropriate information, it is less than worthless. Sites must present content, and in a readable fashion. I also don't want to hunt, but want information to be easy to find. Most importantly, I want to communicate back to the website owner, not just the webmaster. Providing a GPG key to send data in a secure fashion via e-mail would also be a nice touch, but not essential. What I don't want is to be forced to write a web page to communicate with them. Do you?
The next thing a site must do after having decent, informative content is present it in a pleasing manner. That is, it must be laid out in a simple fashion, not be overly or underly busy (although underdone is better than overdone), and it should be something most browsers will show. Color can set a tone. I've deliberately chosen red, white, and shades of blue. I could just as easily have shifted all the colors, or chosen a different style completely. Good web designers should understand how color affects the mood of visitors and choose accordingly. Just as elevator music is for elevators (imagine hearing hard rock blaring from elevator speakers), harsh, blaring colors are for harsh, blaring sites -- and will drive most folks away quickly. It's not just about graphics, but backgrounds and contrasts (or lack thereof) as well. Even a monochromatic gray site can be exciting if well done.
On the server side, web designers have a lot of leeway. Personally, I don't want to put extra junk on my servers. So I use what is loaded anyway, mostly Perl. Adding PHP just adds to the headaches. While it is easier to write in (thus its popularity), I find several truths to be self-evident. The first truth is that PHP versions don't play well together, and I don't need to be bitten again like I was with the PHP 3 to PHP 4 upgrade disaster. Nope, bite me once, shame on you, bite me twice -- won't happen. The second truth is that PHP itself is a security nightmare. If you want to have intruders in your web server, run PHP. I've had several break-ins that could be traced back through PHP.
Most likely, it wasn't PHP itself. But a large number of web designers adopt PHP because it's easy to write in, and these folks are not programmers: they are writing code and not trapping input; that is, they are writing buggy, insecure programs. While that can also be done in Perl, generally, those writing Perl programs have a little better background, and Perl has a way to "taint" inputs: it disbelieves them and will not automatically do something with them that would cause harm.
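The taint mechanism mentioned above, shown as an added example that is not part of the original page: under `-T`, Perl refuses to pass outside input to an external command until a regex capture has validated it. The sample inputs under `__DATA__` are constructed, and `untaint_filename`, `run_on_file` and the `.txt` allow-list are hypothetical names and policy chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example: taint mode applied to untrusted input (constructed samples).
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child process's output

# Taint mode will not run external commands until the environment is pinned.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted copy of $raw if it matches the allow-list, else undef.
# Only a regex capture clears the taint flag, so the pattern is the policy.
sub untaint_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/ ? $1 : undef;
}

# Hypothetical sink: hand a name to an external command (list form, no shell).
sub run_on_file {
    my ($name) = @_;
    my $ok = eval { system('echo', '   would process:', $name) == 0 };
    return 'ran' if defined $ok;
    (my $err = $@) =~ s/ at .*//s;    # drop file/line from the die message
    return "blocked: $err";
}

# File input is tainted, so lines read from DATA stand in for request input.
while (my $raw = <DATA>) {
    chomp $raw;
    printf "%-28s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;
    print "  raw   -> ", run_on_file($raw), "\n";
    my $clean = untaint_filename($raw);
    print "  clean -> ",
        defined $clean ? run_on_file($clean) : 'rejected by allow-list', "\n";
}

__DATA__
report-2024.txt
report.txt; echo injected
../../etc/passwd
```

Run it as `perl -T script.pl` (any file name) or execute it directly, so that the `-T` on the `#!` line takes effect.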
When I need a database, I tend to use a real database that is ACID. ACID stands for Atomicity, Consistency, Integrity, and Durability. This pretty much precludes MySQL (not ACID last time I looked, and I now don't want to switch databases midstream). Unfortunately, this is the staple for most web databases. OTOH, if you don't care about losing data, go for it. I personally don't want to run multiple databases. Makes for a maintenance nightmare. That said, I run PostgreSQL exclusively, but SQLite is also a good choice.