Is there another way to run Apache2 securely for multiple end users (like hosting hundreds of blogs) without using CGI mode as required by suPHP?
It just seems so inefficient to use CGI mode for PHP when if we could set up permissions properly, we could host PHP through mod_php perhaps?
I mean, I do want to restrict these users to their home directories for their sites, but don't want any security issues.
PHP support FastCGI out of the box, so you could use mod_fastcgi or mod_fcgid and SuExec to run PHP scripts. It has almost the same performance as mod_php but still will run the scripts in individual user contexts.
You should also read this article series about securing shared hosting platforms.
I'm looking at MPM-ITK. Each vhost runs as it's own uid:gid. It's a prefork, so there's no threading problems either.