I just set up VPS to run Apache with php5-fpm which is set to run every user pool as user:user.
Reason for this is simply to allow users to actually own their own files created by various CMS scripts instead of them being owned by www-data. Such content couldn't be altered/deleted by those users.
php5-fpm seems to solve this issue for me.
What are security implications of such setup if any?
This is a fairly common way of setting up separate environment for separate applications where the users may not be trusted (i.e. shared hosting). You are correct in that it will isolate each pools files from another using *nix permissions, bypassing these restrictions will be difficult without say a vulnerability in the permission system itself (such as a privilege escalation bug).
In the senario that an application is compromised and system access is granted to an attacker, they will only have access to places in the system accessible by that user (which should be heavily restricted).
What you should consider is making sure user:usergroup is locked down so that in the event there is a compromise, that the attacked cannot affect the operation of other applications implicitly. E.g.
/etc/security/limits.conffor CPU and RAM, Quotas for Disk).