I don't know about security risks, but you could certainly create a user with a home directory of /var/www/whateverdirectory . If the user already exists, you can use the usermod command, something like
Code:
usermod -d /var/www/whateverdirectory username
Just pay attention to your permissions, and know to what group this user belongs. You can have /var/www itself be readable/writeable only by root, and just change the user and group permissions on each directory within this hierarchy. Apache should be able to access all of that just fine, but you could change the group to "apache" if the default arrangement doesn't work.