I didn't mean for him to use an IDE like Dreamweaver or FrontPage. Those generally create trash code that takes more time to clean up than just doing it manually. I also wasn't trying to make PHP out to be an insecure language; PHP has been proven many times over to be a secure language, but PHP alone isn't what he needs. A new user should never roll out their own authentication system, ever. Here is my thought process; maybe I should have explained my points more clearly.
A: Needs Users/Authentication
1: Needs a way to allow User A, and only User A, to edit content that User A posted.
The TurboGears software has these tools available. It uses Repoze.what and Repoze.who to set up the users, hashes + salts the passwords, and allows the developer to set up predicates to allow/deny function access. I can easily put "@require not_anonymous" at the beginning of a function to make a user log in; it will handle the session data, database lookup, login page, and redirection to the last page after login. Yes, programmers should know how this is done, but new/most programmers, from what I can tell, will find a way to mess it up. Repoze.* has been thoroughly tested for vulnerabilities; I consider it a good alternative to trying to roll out a custom auth system, and it also saves a lot of time. Custom tables that hold info about profiles can easily be attached to the user table without compromising the security offered by repoze.
B: Be AJAX friendly and all of the other web 2.0 stuff that people want.
2: The Dijit library in Dojo will allow the programmer to take advantage of things that he will probably not be able/want to code himself, such as complex FX effects (slides, fade, dim, tabs, resizable and movable JS popups, trees, form validation, etc). Most new programmers will turn to unknown third parties to get these effects. If you are using Dojo for the site, you know that it can be trusted, and that the code will not conflict with other code being used.
C: Database stuff
1: I will probably catch flak for this, but writing out the raw SQL + connection code is just tedious. If the platform allows, tools like SQLAlchemy allow the programmer to keep the same syntax and code if they want to switch to a new DBMS on a whim (MySQL > Postgres > Oracle). It also creates Python objects out of query results; queries can also be tied into the repoze.* data (once again something that most programmers should stay hands off on). Sample query: items = DBSession.query(table).filter(something.id == whatever).all(), that's it, it will query, return, and package in one line. The use of model files to build the database is something that can be unfamiliar at first, but it is scary how much time can be saved if you ever want to change anything; you can also turn your tables into nifty Python objects for easy referencing.
At the end, Python might not be right for everybody, but choosing PHP because it is what everybody uses is just silly. LAMP proved to be a great system, but systems like Django and TurboGears are a viable alternative. Side note: if you do go with PHP, as of PHP 6.0, "magic quotes" will no longer exist; that PHP book from a couple of years ago that you mentioned will probably talk about them, just ignore anything you see about them.
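
The two things the post says the framework takes off the developer's hands, salted password hashing and an owner-only access predicate, sketched with the Python standard library only. This is an added example, not part of the original post and not the repoze.who/repoze.what API; `require_owner`, `edit_post`, `make_demo_db` and the table layout are hypothetical names, and the sample users are constructed.

```python
import hashlib, hmac, os, sqlite3
from functools import wraps

class NotAuthorized(Exception):
    """Raised when a predicate denies access."""

def hash_password(password, salt=None):
    # Per-user random salt plus a slow KDF; both salt and digest are stored.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def require_owner(func):
    """Predicate (hypothetical): caller must be logged in and own the post."""
    @wraps(func)
    def wrapper(db, user_id, post_id, *args):
        if user_id is None:
            raise NotAuthorized("login required")
        row = db.execute("SELECT owner_id FROM posts WHERE id = ?",
                         (post_id,)).fetchone()
        # The owner comes from the database, never from request data.
        if row is None or row[0] != user_id:
            raise NotAuthorized("not the owner")
        return func(db, user_id, post_id, *args)
    return wrapper

@require_owner
def edit_post(db, user_id, post_id, body):
    # Parameterized query: user input never becomes part of the SQL text.
    db.execute("UPDATE posts SET body = ? WHERE id = ?", (body, post_id))
    return db.execute("SELECT body FROM posts WHERE id = ?",
                      (post_id,)).fetchone()[0]

def make_demo_db():
    # Constructed sample data: two users, one post owned by user 1.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    for uid, name, pw in [(1, "user_a", "correct horse"), (2, "user_b", "battery staple")]:
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (uid, name, *hash_password(pw)))
    db.execute("INSERT INTO posts VALUES (1, 1, 'original')")
    return db
```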