in that case, as I mentioned, edit apache user to disable shell and home directory. make sure home directory and client directories owned by other user than 'apache' and then you can start configuring PHP.
List of functions I recommend to disable with apache+mod_php: eval, exec, passthru, popen, proc_open, shell_exec, system
but it's not a complete list. You should write it globally in your php.ini's
disable_functions directive.
Make sure you don't have posix functions enabled, if you have, better rebuild PHP with --disable-posix. These functions are potentially dangerouns because they reveal information about your system and users.
I personally never built PHP for apache, but i guess there is an option somewhere in config script, allowing to disable apache_* functions. They are also can be misused, so either try to remove them on building stage or deny them all in php.ini as those from a list above. These functions can be found here:
http://ru.php.net/manual/en/ref.apache.php
It's recommended to disable sockets and
fsockopen function.