I think the point is that if you use a "new mainstream framework", you lose the traditional unique strengths of PHP by using it essentially the same way as you would any other language, so you might as well use a different language.
So instead of trying to be like other languages but with worse syntax and weird quirks, PHP could try to improve on the things that make it different and lead to its initial popularity.
The old security issues with PHP were if you used SQL strings queries without sanitizing user input, or using eval or a bad configured server where someone could upload a file and had it be executed.
So you can use PHP without a framework, you need a good configured server, use the correct SQL related functions and practices.
Example for a project you have a third party payment system that can send you a POST request when an event happens, you want to log this event in the database and maybe trigger a simple thing. I can(and done this) with just 1 PHP file, no third party dependencies and I did not had to install anything on the server(because PHP is already there) so no installing node,npm,npm packages maybe git .
You will need a framework if you have a big project, you would be wasting a lot of time to do the logins, user management, view rendering from scratch and probably have a lot of bugs. There are minimalistic frameworks and libraries and you can use something that matches your need.
