[eluser]Jelmer[/eluser]
Those are 2 different problems.
Quote:I am talking about an application with thousands / millions of users.
To handle such a huge amount PHP itself is the bottleneck. Facebook is written in PHP and their developers have written a couple of blogs about solving those problems. I didn't save the URLs so you'll have to Google those yourself.
CI has a very tiny footprint, so CI won't be your bottleneck. Though when handling such amounts of visitors you'd probably optimize and grow out of using any framework. But when using a framework CI is probably your best option.
Quote:is it secure enough to handle things like credit card details etc?
That's more up to you then up to CI. CI offers protection against SQL injections (through Active Record), against XSS (either globally or by setting the second parameter of $this->input->post() and $this->input->cookie() to TRUE), and as of CI2 against CSRF. But if you don't know how to use them there will be security holes, no framework can do all the work for you.
But aside from that point: if you're planning an application handling such sensitive data you should be VERY aware of all of those yourself. And you REALLY MUST be capable of deciding for yourself if the security of any 3rd party library/framework you're using is good enough.
To write something like this and not have as complete knowledge as possible about security concerns is incredibly irresponsible.
