I was doing web development in 2006 and that's not how it was. Websites were not all in i-frames and they were not all insecure. Setting up a PHP dynamic website with Apache does not have to be insecure and didn't have to be back then, either.