Security of PPTP vs IPSec

PPTP is a tunneling protocol, just like L2TP is: on its own it does not provide security.

PPTP uses MPPE for encryption, which may have some disadvantages compared to IPSEC (which is commonly used with L2TP). IPSEC can also be used on its own as a tunneling protocol, and this is pretty common.

An advantage of IPSEC in general is that it can be used with certificates to authenticate at the machine level in addition to the user level. L2TP enforces this, but IPSEC on its own can be used with just a pre-shared key, just as the encryption in PPTP can, which in my opinion lowers its security to a similar level.
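To make the pre-shared-key versus certificate distinction concrete, here is an added example (not from the original post) of the two ways the IPSEC side of L2TP/IPSEC can be set up in strongSwan's ipsec.conf; strongSwan is an assumed implementation, and the certificate file names, key file name and identity are placeholders.

```ini
# /etc/ipsec.conf (strongSwan, IKEv1 transport mode for L2TP over UDP 1701)

# Weak variant: one group pre-shared key shared by every client.
# Any device that knows the PSK completes the IPSEC handshake, so the only
# thing that still identifies the user is the PPP password inside L2TP,
# which is the same position PPTP with MPPE is in.
conn l2tp-psk
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add

# Stronger variant: the gateway presents its own certificate and every client
# must present one issued by the same CA (machine-level authentication).
# The user then still authenticates over PPP (user-level authentication).
conn l2tp-cert
    keyexchange=ikev1
    authby=rsasig
    type=transport
    left=%defaultroute
    # placeholder: gateway certificate issued by the internal CA
    leftcert=vpn-gateway.pem
    # placeholder identity matching the certificate's subjectAltName
    leftid=@vpn.example.com
    leftprotoport=17/1701
    right=%any
    # the client certificate must chain to the same CA as the gateway's
    rightca=%same
    rightprotoport=17/%any
    auto=add

# /etc/ipsec.secrets
# used by conn l2tp-psk (placeholder secret, one value for all clients)
: PSK "placeholder-group-secret"
# used by conn l2tp-cert (placeholder private key matching vpn-gateway.pem)
: RSA vpn-gateway.key
```

With the certificate variant, a leaked PPP password alone does not let an unknown device establish the tunnel; with the PSK variant it does, once the group secret is known.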

Most old vulnerabilities in PPTP are fixed these days, and you can combine it with EAP to require certificates as well. I’d say there’s no clear winner, but PPTP is older, more lightweight, works in most cases, and clients are readily pre-installed, which gives it the advantage of normally being very easy to deploy and configure without EAP.

However, if you want the extra security of machine-level authentication, IPSEC may have the advantage of having been designed for this from the start (L2TP/IPSEC in particular), and hence may be easier to deploy with that requirement than getting PPTP to work with EAP.

If we compare PPTP with L2TP straight off, L2TP wins by a fair amount because it requires decent authentication on several levels, preventing several scenarios that PPTP won’t prevent (in theory).
