I looked over valhalla and they seem to be using only html and css, I cannot find any sql or php code so how would they handle for example accounts without a database?
It would seem to be that using only html and css is extremely secure, so I want to know how they do it, I also looked over dream and they use html and css also.
Can someone explain this please?
PHP is a server-side script. It outputs client-side scripts which you see (eg. html). They are using a database but again you won't see the SQL code.
Yes only using html and css will reduce your attack surface, but it will be a static site.