What is the difference between the intermediate code HHVM generates and the code that OPcache/APC stores? Is HHVM always faster compared to code that is cached in OPcache/APC?
An opcode cache just stores the bytecode, so you just avoid the parsing step in each request. It does not inherently optimize anything, although it has been tried with APC in the past (but finally abandoned). I don't know what the status is with the new official OPcache and optimization.
How does security work in a system like this? If this is used in a shared hosting system, can a user inject false messages into Serf with, for example, PHP?
Yes, they can. In the general case it's not an issue because usually your nodes are inaccessible by the public, but if you're using a shared hosting environment, this is entirely possible.