Summary
The answer is only one: we should not use functions of the extension "mysql" because its development has been discontinued; the extension became obsolete, that is to say, code that uses these functions will not work in future versions of PHP.
Details
A user of the Stack Overflow site wrote:
There is no security problem with library itself but rather with library users (there are no security issues with the library itself, but rather with library users).
The vote to discontinue (deprecate) or not, resulted in 25 votes in favour and 12 votes against. It was a good majority, but it was not a unanimous decision. See the official source.
In the same font, another developer wrote:
The Extension is not Broken. The problem is the bad Usage. It can be used Safely, and good Developers have been Doing so for ages (The extension has no defects. The problem is misuse. It can be used safely, and good developers have been doing it for years).
The citation below, also from the same official document, points to the real reasons to discontinue the extension:
ext/mysql is hard to maintain code. It is not Getting new Features.
Keeping it up to date for Working with new versions of libmysql or
mysqlnd versions is work, we probably could Spend that time Better.
(The mysql extension contains hard-to-maintain code. It is not
receiving new "Features". Keep it updated to work with
new versions of libmysqld and mysqlnd is laborious; we could
be using better this time.)
In other words: "So I have a hard time keeping this old code?" - as far as new versions of Mysql (and their "client libs") are released, the extension needs to be updated...
...and, in addition, extensions already exist mysqli (more modern) and the alternative PDO... So... why keep going? Let’s discontinue? Then, 25 voted "yes", 12 voted "no", and the decision was made.
Personal Comment
When I started with PHP there was no PDO extension. I used the "mysql" extension, like most, until I worked on a project using "mysqli" and became aware of the advantages, and always preferred the same since then.
Soon after, I wrote a couple of classes that extend the original extension mysqli, and I use them today in pure PHP, that is, when I’m not using a framework as the Laravel, with its "Fluent" and its "Eloquent", the Symfony with "Doctrine", etc...
For me, accustomed even to the little details of preparing "LIKE" clauses to attack-proof, the "black box" of these "Prepared statements", "Active Record" or "ORM" was viewed with suspicion. That phase passed, and today I’m a fan of the Eloquent that comes with the Laravel 4...
Addendum
After publishing the entire answer above, I felt the need to stress the importance of the factor "not Getting new Features" in the decision to discontinue the extension. That is to say, although it is the fastest (best performance) in the execution of simple tasks, it lacks the full range of functionalities that the alternative extensions (mysqli and PDO) contain (transactions, SSL support, etc.) - point that was highlighted in other responses here.
This function has already become obsolete, being more indicated the use of mysqli_*
– henrique