Yes. And we return to the starting point - only a passive template with placeholders can be absolutely (more or less) secure. But it isn't flexible enough. *Any* programming language gives the programmer the possibility to do some bad things. Why should I hope my template preprocessor will be more secure than a PHP preprocessor? If a designer can include trojan code, why can't a PHP programmer?
You're right, in that case you can't. But rather than having to worry about programmers and designers, you just worry about programmers.
Also, look at this beyond just people you control. In many cases, you may not have that control.
Let's look at another example. You want to sell your program. So you are going to encrypt it. Rather than let the person have access to any PHP, you simply make the site's template in a simple templating language. That way, people that don't know PHP can still install and use the program.
Well... I'm not a designer, for me it's the same. In short notation it will be the same for anybody.
Actually, that's you avoiding the obvious answer. The second one is the easier one overall.
And any time I see a script language in a template I can't keep from asking the question - "why not PHP?"
Because PHP is not designed for templating use. That may have been its intent when it was first created; however, PHP now is NOT what it was then.
Simply put, PHP fails in a number of places as a templating language. First and foremost in security, as well as ease of validation and ease of design work. A good template engine is in fact better separated from the core language. Hundreds of programs use this same basic method. You don't see various programs with skins having their skins rewritten in the same core language. Most of them rely on a subset of a scripting language that is designed to allow for easy creation of a skin.
I highly suggest you read
http://smarty.php.net/whyuse.php
When you look at what most template engines do, they take a template and compile it to PHP code. How is this bad? It's a basic principle of programming. You don't see us running around coding everything in binary. No, we create high-level languages and compilers to do this for us.
Guess what, we could rewrite all our applications in C because, guess what, they would run faster! Besides, it makes no sense: PHP is written on top of C. Why not C?
Because PHP is built for creating web applications. That's why. And guess what, we design a templating engine that's built on top of PHP for creating HTML templates. Why? Because these templates are built for that purpose. So just as writing a web app is easier in PHP than in C (and less time consuming), so is creating a template in a good templating language than using a non-templating language.
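As an added example (not code from this thread or from Smarty), here is the "passive template with placeholders" the first poster refers to, written in PHP. The template string is only ever substituted, never passed to include() or eval(), so any PHP tags a designer puts in it stay inert text, and every substituted value is HTML-escaped on output. The placeholder syntax `{{ name }}` and the sample template are constructed for this example.

```php
<?php
// Passive placeholder renderer: substitution only, no code execution.
// Contrast with a compile-to-PHP engine, which writes the template out as
// PHP and include()s it, so any embedded code would actually run.

function render_passive(string $template, array $vars): string
{
    return preg_replace_callback(
        '/\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/',
        function (array $m) use ($vars): string {
            if (!array_key_exists($m[1], $vars)) {
                // Fail closed on unknown names instead of emitting the raw marker.
                throw new InvalidArgumentException("unknown placeholder: {$m[1]}");
            }
            // Escape at output time so a value cannot inject markup or script.
            return htmlspecialchars((string) $vars[$m[1]], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        },
        $template
    );
}

// Constructed sample: a designer-supplied template that contains a PHP tag,
// and user-supplied values that contain markup.
$template = "<h1>Hello, {{ user }}</h1>\n<?php echo 'this would run in a compiled template'; ?>\n<p>{{ bio }}</p>";
$vars = [
    'user' => 'Alice <script>alert(1)</script>',
    'bio'  => 'Likes "quotes" & ampersands',
];

// The <?php ... ?> sequence is printed as literal text; nothing executes.
echo render_passive($template, $vars), "\n";
```

Run with `php passive.php`; the output shows the PHP tag as plain text and the script tag in the user value rendered as `&lt;script&gt;`, which is the trade-off the thread describes: safe, but the template cannot do anything beyond substitution.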