I think there are two main categories, which should be considered:
Configuration & installation (for example): http://aymanh.com/checklist-for-securing-php-configuration
Programming (example): http://www.jemjabella.co.uk/blog/php-security-checklist
Other ideas?
