It really depends on the goal you try to achieve.
If it's just rendering a simple page, the most efficient way is to concatenate code using single quote (based on benchmark) (even if the difference is not so important).
But I'm guessing you are building a website, and you will use html+php widely. If so, I recommend you to use a template engine, or, directly PHP.
Using any template engine will reduce the performance, of course, but it will improve the readability of your project and structure it in a better way. The ratio "lost performance"/"readability - maintain" is worth it. You should go for it (again, if you plan to render many html pages). See MVC Design Pattern.
Now, for the template engine, I would recommend you to use PHP directly since it has first been developed for this purpose. You can find many template engines that just finally use php in the templates, and the same apply for Frameworks. If you take a look at Code Igniter for example, you'll see that the templates are made of php.
Now, for security reasons, using PHP in your template greatly depends on who is going to edit templates. If it's only you, or someone you have a total trust, you should go for it. If your users will be able to edit the templates (for any kind of reasons), then I absolutely should avoid it, because they can do whatever they want on your server, including hitting the database, viewing all the files (even configurations ones) etc.
