I know the guy who wrote it originally. A real hacker. He wrote it way before this DLR extensions, I think it was even in .NET 1.0 and it was already sort of usable. He knew a lot from Rotor (the open sourced part of .NET) and he was using it to hack the internal memory structures (ie. the Object structure) of .NET without reflection
I wonder if somebody has done any kind of benchmarking with Hip Hop.
Managed code is safe, verifiable and strongly signed, with no place for insecurity.
Like .NET applications never have had security holes.
I've used Phalanger in one of my side projects and it works really well. The PHP library I was using (http://code.google.com/p/phpsc2replay/ if you're interested) isn't simple but there were only a few minor modifications required to get it up and running as a full .NET library.
Only complaint I'd have would be that it locks up Visual Studio every so often on large PHP files. Apart from that it pretty much works as advertised.