The root cause for the PHP vulnerability is trying to parse unstructured text. The actual information in WHOIS has structure: emails, addresses, dates, etc. This info should be provided in a structured format, which is what RDAP defines.
IMHO, there is no reason for a registrar to not support RDAP, and to have the RDAP server's address registered with ICANN.
IMHO, there is no reason for a registrar to not support RDAP, and to have the RDAP server's address registered with ICANN.