I've been conducting some experiments lately to test a few security hypotheses that I've had as well as feed my curiosity. The success rate of these experiments has been shocking. The most recent experiment is taking place on the Zend forums, although it's over now (I don't want to needlessly spam the place). You'll notice a lot of topics with a subject of PHP Security Experiment, and they're all posted from different IPs (from all over the world). In short, I'm able to send HTTP requests of my choosing from other people's Web agents.
These experiments aren't testing a single piece of software but rather a specific set of vulnerabilities, and I'm chaining them together. I think I could chain them together even more and make them spread like worms. I'll release more details once I figure out how to properly notify the developers of all vulnerable software first (and allow ample time to fix the problems).
I could use some help. If you consider yourself a pretty proficient PHP developer who has a good understanding of the Web, and you'd like to participate, please contact me or leave a comment. I think there is plenty of work and research to be done.