There’s nothing about using a framework that will impede you learning PHP, and using an established framework will reduce the security risk, as you’ll be dealing with well tested code for handling common tasks.

At the core of most of the PHP frameworks in play these days is this simple three step workflow

1. The URL is requested and routed through a central bootstrap index.php file

2. The URL name is used to derive a classname and a method name (and action method). This is your main entry point and where you start writing PHP to handle the request

3. At the end of this method, control is handed over to a view template, which has access to certain values you set in step two.

Pick a framework, learn how it does the above, and then write any kind of PHP you want in the action method and the view template.

Yes, there will be a lot of other PHP framework code in play, but you never have to look at it.

Yes, the framework will have a multitude of features and/or a “preferred” way for handling things, but you only need to use those you instantly understand.

When you start noticing patterns of ugly, boring, or insecure code, take a look at the framework features again. More often than not after “doing it wrong” you’ll get insights as to why the framework code did something in a particular way and you’ll be happy to hand off the responsibility (I’d say ActiveRecord style models vs. SQL code is a big one here)

As you start using the objet oriented systems the framework provides you’ll start to get interested in how they’re doing certain things, and then you can start poking at the core framework code.