Why is the existing option to disable this or limit it to certain roles not sufficient? One simply has to go to admin/filters and click disable if they don't want it. Perhaps the documentation or install instructions need to be enhanced to have a chapter about security (i.e. if you want to secure your site here are all the things you can do and their impact). As others have said, just because you are writing PHP doesn't mean you are coding functionality, you may just be trying to generate dynamic content on your site in a block or something. That is something drupal should allow and you should need to write a module to do that. Drupal is not exclusively used by people that can get in there and upload files to their FTP server. If that was to be offered as "more secure" way of doing things that is fine, but it should be an administrator choice it shouldn't be required.