I'd have to say that the reason PHP is ubiquitous is not because of Jeff's mistaken claim that it's easy to install - it's flippin' easy to *use*: just inline it with your HTML in a .php file, and Apache magics it out to the world (I should know - I write in it for all my scripted pages). If Python were as simple to embed (yes, it can be done - but it's not the same from a simplicity viewpoint), we wouldn't have to deal with "PHP SUCKS!!!!11!!!" posts every few weeks. We'd deal with "PYTH0N SUCKS!!!!!111!!!!1!" posts instead. Until random morons like me quit embedding our logic into our display (ie, until we all move to an MVC or similar paradigm), it won't matter what the 'language' is, it will all suck.

fwiw - *merely* adding two-factor is not a panacea Recently a good friend of mine had his account snagged even with the two-factor option enabled: the attacker had set his email as the backup/recovery address, and therefore was able to bypass the authentication field (by doing a reset). Timing on that attack was carefully coordinated, but it's still a cautionary concern.