In PHP 5, loose typing is a feature, but in security contexts, it is a massive vulnerability. PHP 5 attempts to "help" you by converting string types to numbers automatically during comparisons using the == operator.
A heap-based buffer over-read in xmlrpc_decode that could lead to system compromise. php version 5640 vulnerabilities verified