Creating a large application in PHP is only considered to be in bad engineering taste. But in 2019 Facebook admitted to having stored hundreds of millions of user passwords in plaintext instead of properly hashing and salting them. This goes beyond a matter of engineering taste to what is technically unacceptable. If Facebook was hacked all of those users' passwords would have been at risk.
In 2016 Cambridge Analytica obtained tens of millions of Facebook users' data including friend lists. This helped Cambridge Analytica to contruct profiles that helped target political advertising.