With any approach, you need a bitcoin node (which bitcoind is most reliable one) which be accessible with you PHP code, so it should be remote!
I don't think it would be a security problem to install bitcoind on your PHP server, as long as it would be configured to just listen to localhost and not visible publicly, and just respond to your server PHP requests. But don't forget that there are still many other security risks here.
For example if someone be able to hack your server and access it, he can easily use your funds. It is best practice to implement a Cold Storage solution to transfer most part of funds in your hot online exchange wallet to it, and bring it back to hot wallet manually whenever it is needed.