How can a website build in PHP (like Facebook) can be so fast and (sorry if I'm wrong) secure ?
Do they use their own compiled version ? What kind special techniques do you guys think they use?
What config do we need to have to make PHP viable for huge scale project?
That have a PHP compiler that transforms PHP into C++ (Hip-Hop), this is one big improvement. They also have written there entire backend in C++ (transport data through Apache Thrift) and built Cassandra.
I don't think their PHP necessarily has any specific security tools (or I haven't any seen any of them). Speaking for experience with Thrift, it helps when both frontend/backend understand exploits and both work to ensure there are no issues.
All of these things have helped alot, check our High Scalability for more information about scaling your stack
I highly recommend reading: What should a developer know before building a public web site?
This sounds like a question born of the stigma that has stuck to PHP that it is some how inherently insecure. PHP is flexible which allows developers to write bad, insecure code if that's all they know how to do.
Many, many large website and web apps are written in PHP. The key is knowing how to write code securely from the ground up. I'm sure Facebook has hired talented programmers who are trained on security.
Bad or insecure code is the fault of the programmer, not PHP.