The problem for the sysadmins to upgrade to a more recent php version than the one supported by the operating system is that when php needs to be compiled manually the required libraries also need to be the most recent version.
This will lead to manually managing dependency hell and this will make the complete OS less stable.

While working for a PCI certified payment provider I had this discussion a lot but the sysadmins could assure me that php related security is no issue when you’re working with the latest release of your OS (at least with Debain).

For my side projects I use alternative repos like epel and webtatic to have the latest php version.
But keep in mind that these are no “official” releases and you don’t know exactly whats “in” or if these packages were comprised by a bad person.
So there’s a (small) risk to get a different exploit on your system by doing it this way.