All web applications are subject to the same sql and header injection tactics, and as of php6 register globals along with some other not necessary poor programming tactics but commonly used incorrectly tactics will no longer be available. These are things that php has been under scrutiny about for a long time and there are warnings posted everywhere so if you fall under that category if is of your own neglect.
Generally, it will depend on the developer to make any application secure enough, but if I need to choose between JSP, PHP and ASP,... I will choose JSP to be the most secure.
A good developer can create a very secure app with jsp as java in general is based on a secure infrastructure. With the added benefits of JavaFX, the sky is your limit with security and design. but most design cannot be mentioned here as web development uses css and html for design and this has little to do with security.
In my opinion JSP first, when we talk about security. Then followed by PHP because although php is no where close to jsp even at the current php 5.3 (with the all new Object Orientation), its worth learning as its very easy to study and implement. As for ASP, well Microsoft always needs an antivirus,.. that should give you an idea of how porous their security is even on their best app.
I will tell you to be good in php for web and be better with java based app if security is your concern.