There's nothing wrong with that decision up to the point where you start handling the money - beyond that point I agree with you.

Setting up a website which is secure and not vulnerable to SQL injection or basic BS is quite doable in PHP.