Current state of PHP security?

[lech.protean () gmail com]

Hello.

I would like to have some small personal webpage with some private info.
With the current state of affairs, I'm afraid to use either any CMS nor write the code myself (for fear of now knowing 
the security implications sufficiently).
What I'd like to have best, would be an XML content stored in mySQL/postgres, php would parse it and the output would 
be, of course, XHTML.
I would need to limit access to some of the information, I don't care about any particular technology, be it .htaccess 
or just a list of user in SQL DB.

If I prepare such a solution, is there a chance it will remain secure for years to come, with crosssite script popping 
everyday? How can I protect myself and remain creative, provided, I only want to use OpenSource solutions on a standard 
web-hosting?