The problem lies in everyday web hosting firms which often seem to employ old versions of PHP. The user is therefore stuck. They may also be at risk as security patches won't be present. Users might also like to use the latest features in PHP5, but the host may still be using PHP4.
Hosts might also be running with register_globals on. As reported elsewhere in the comments on this site, when some hosts turned it off, they got several emails about broken scripts. So the hosts simply turned register_globals back on.
The only solutions, besides pestering the web host to upgrade, are to change to a different, more modern host, or consider renting a virtual server where you can set up PHP yourself. Of course this is likely to be more expensive and so not suitable for the average person. It just seems a shame to be stuck using older versions of PHP which are less secure than the latest one.