Is it considered bad practice to use an ORM instead of raw SQL in web development?

Home - Quora Link

No. The web world fought this battle 10 years ago and raw SQL lost. The main reason is security. It’s much harder to secure SQL than you would guess. If you’re not exceedingly careful, a badly-written script can easily give an attacker access to your database. Not using an ORM forces you to become a database security expert on top of your web development skills.