Nope. Doesn't make any difference if it's the web application itself that is vulnerable. We've been running this particular web server for 7 years and it hosts hundreds of websites. In this time we've seen a handful of hacking attempts and the vast majority of them are down to poorly written PHP.

Paul