Websites can still be hacked using SQL injection - Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.
