Technically in any case, the popup window will have the same “security” as the main window, as both are rendered by Chromium engine.
The true “security” lies in how you write and protect your PHP code.
EXEOutput uses its virtual PHP engine to generate the HTML output which is then rendered by the chromium.
This is just like in traditional wev server where something like Apache uses PHP to generate HTML output and then serves it back to the client. The client (chromium/chrome/firefox etc.) then parses and renders the HTML and display the contents.
Your question is like “is a tab in your chrome more/less secure than another tab?” and considering that both the tabs are from same domain (https://heserver in case of Exeoutput) you can tell that they are both similarly secure.