For better performance, a PHP compiler such as APC or xcache should be used.
Remember to end your template filenames with a ".php" !
In a well designed MVC framework, the output from your Models and Views should be easily cachable.
A memory cache like APC or Memcached can be employed.
You should be familiar with web security concepts such as Data Filtering and Sanitizing, Cross Site Scripting (XSS), SQL Injection as well as PHP specific gotchas like the register_globals directive, PHPSESSID hijacking, mail() header injections etc.
Please read the PHP Security Guide.
Helpful PHP functions include: addslashes, mysql_real_escape_string, intval, strip_tags, htmlspecialchars, preg_match, PHP Data Filter Package (if you can live with the ugly syntax).
Please try not to use the php mail() function for your emailing needs. Unless you really know what you are doing, your script can be comprised or the emails sent out are more likely be classified as spam.
Instead, you might want to employ a mail library such as PEAR Mail or Swift Mailer.
The CRUDE-ORM class is fully decoupled from the View-Controller, so you can remove it, replace it with another ORM or simply use your own existing database routines.
Some other open-source PHP-ORM solutions you can check out include Propel and Doctrine.