If you make a script that allows someone to delete your entire site and crash your server... well... it's just doing its job. It isn't "secure" I suppose, but that's beside the point.
There are certainly possible security flaws, but there are also ways to be sure it is secure.
<?php echo "test"; ?> as a page within itself would not present a security threat in any way. But... more complex code might, if there are holes or weaknesses.