Why do I get a CGI security alert when debugging PHP?

The CGI security alert only occurs when you compile PHP with --enable-cgi-force-redirect. That compilation directive forces PHP to check if it is being run as a CGI by looking at environment variables commonly available only under a CGI environment. If they exist, it looks for another environment variable that is reliably available ONLY under Apache, REDIRECT_STATUS (or HTTP_REDIRECT_STATUS under Netscape/iPlanet). If that environment variable does not exist, the security alert is generated.

To run your compilation of PHP under Komodo with CGI emulation, you have to add a CGI environment variable called REDIRECT_STATUS with any value.