In a previous post I talked about getting HTTP authentication working when PHP is intalled as a CGI. That, however, begged the question; why install PHP as a CGI? Performance is going to take a substantial hit, after all. The answer I got from the sys admin of one of the servers I was trying was:

- Better security
If a PHP process is compromised, it's only compromised for the duration of the request.

- Upgrades are easier
Upgrading an Apache module requires restarting the Apache server after the module has been replaced. Upgrading a CGI binary simply requires replacing the binary.

Sounds reasonable for low traffic sites. The other server is a run by a hosting company, so low traffic isn't really something on which they can or should rely.