I believe that Smarty actually doesn't allow PHP in its templates, unless you turn the security variable off. I'm sure Garvin's mentioned it somewhere in the forums; I just haven't the time to look for it right now. You'll have to modify your config.inc.php and set a $serendipity['SMARTY'] variable.
The security concerns of this implicate that people who have FTP access to your blog can include custom PHP code in templates. And if you have the Smarty Markup plugin installed it means any author on your blog can access PHP code.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/