I would not become a Python web developer without a framework. Moving from Rails to Django, Django is much better. It has great documents, a great community, doesn't try to force architecture (which can lead to hours of search engine work on where to put things), and doesn't hide things that hide the โmagicโ like Rails does.
It protects against XSS by default (i.e. you should tell it NOT to avoid HTML), and since it has a great ORM interface, it has little chance of stupid SQL injection errors. It also has built-in protection against CSRF attacks that work as middleware. This is not something that PHP is inherently unsafe, but gives developers too many opportunities to mess up.
It also has amazing extensions, such as Pinax, and they combine substantial extensions in their kernels in each release.
You should also not underestimate the psychological benefits of coding in a beautiful language.
bcoughlan
source share