Laravel or pure php?
Using a framework does not secure your code magically. You still have to protect it.
you can see your web app as a house with many doors. with pure PHP, you will have to build your doors before using them. On the other side, Laravel (or any framework) comes with built-in doors but if you don't use them, your app will not be secured.
Example of protections simplified with Laravel
- CSRF protection https://laravel.com/docs/5.3/csrf
- SQL injections using Eloquent https://laravel.com/docs/5.3/eloquent
- Form validation https://laravel.com/docs/5.3/validation
All protections listed above can be done with pure PHP but you will have to write a lot of code.