[pmwiki-users] preg vs str_replace

[The Editor]

Can someone explain the advantage in terms of php code between

preg_replace('/\\(:/', '(:', $value);

and

str_replace('(:', '(:', $value);

Also, any reason against by default protecting all input fields in ZAP
from directives?  And making the unprotect option available by
explicit demand?  I don't like the vulnerabilities possible without
protect.

Also it seems I'm getting pages included that are read protected.
Isn't that supposed to not be possible?  Very strange...

Cheers
Caveman