Found that php-5.6.0 has a remote code exploit issue. I'm going to try php-5.6.4 which is the latest version. The issue is apparently fixed in 5.6.4 and I notice that the database code is now considered stable.