I am building a website using PHP and a mySQL database. The website now has a login/register functionality and profiles with walls could be visited. On the same website, I want to build a big chat application using websockets. This chat should host a dynamically expanding amount of chat rooms (could run into thousands) of medium-sized groups (+/- 25 people).
I've been considering node.js to run websockets with, but I only want to use node.js to handle incoming messages and broadcasting. In addition, I want to save the incoming messages in the database using PHP. I want to use http calls in the node.js server file to handle this, as described in http://docs.nodejitsu.com/articles/HTTP/clients/how-to-create-a-HTTP-request. I also want to use http requests to get properties of the user (for example name and profile picture), so these could be displayed to other users in the same chatroom. I do not want to handle this client side, as the user could then easily pretend to be someone else.
Both the php website and the node.js server run on localhost. The website runs on 127.0.0.1:80 and the server on 127.0.0.1:1337.
My question is, is this approach save? Are there any security risks in doing http requests on a node.js server to send/receive data from the database? Is it a good idea to run node.js next to a PHP website, or should I build my website purely on node.js? Are there any other alternatives?