The Wakaba and Kareha support thread, part 2 (1000)

650 Name: Anonymous : 2009-07-21 21:30 ID:Heaven

>>649
That's still not secure, and requires root on some systems in order to "give away" the permissions to the web server. In fact it's probably a worse choice because it could potentially lull you into a false sense of security where you're actually in the same circumstance as before.

The issue is that other processes on the server can open up config.pl and scrape (and perhaps change) your admin password, either because it's readable and writable to all, or because they're all running as the same user. If two people have access to the web server and the server is running all scripts under the same user id, all script files are accessible to all users regardless of what else you do to them.

It's a shame that the Apache developers reacted so irrationally and so strongly against suexec, because it solves many problems and creates very few.
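
The two exposure paths described in >>650 (a config.pl that is readable or writable by all, and a server that runs every account's scripts under one user id), as an added example that is not part of the original post or of Wakaba/Kareha. The function names, the uids 1000 (board owner) and 33 (web server) and the sample modes are constructed for illustration.

```python
import os
import stat

def can_access(mode, owner_uid, owner_gid, uid, gids, want):
    """Unix permission check for a non-root process: the owner bits apply if
    uid owns the file, else the group bits if it is in the group, else other."""
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & (4 if want == "r" else 2))

def audit_mode(mode, owner_uid, owner_gid, cgi_uid, cgi_gids, shared_uid):
    """Findings for a secrets file such as config.pl.

    cgi_uid/cgi_gids: identity the web server runs CGI scripts as.
    shared_uid: True when every account's scripts run as that one identity
    (no suexec-style per-user switching).
    """
    findings = []
    for want, verb, other_bit in (("r", "read", stat.S_IROTH),
                                  ("w", "modify", stat.S_IWOTH)):
        if mode & other_bit:
            findings.append(f"any local process can {verb} it")
        elif shared_uid and can_access(mode, owner_uid, owner_gid,
                                       cgi_uid, cgi_gids, want):
            findings.append(f"any account's scripts can {verb} it")
    return findings

def audit_file(path, cgi_uid, cgi_gids, shared_uid):
    """Same audit, taking mode and ownership from a real file."""
    st = os.stat(path)
    return audit_mode(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                      cgi_uid, cgi_gids, shared_uid)

if __name__ == "__main__":
    # Constructed cases, not taken from any real server.
    print(audit_mode(0o666, 1000, 1000, 33, {33}, True))       # open to all
    print(audit_mode(0o600, 33, 33, 33, {33}, True))           # "given away" to the server
    print(audit_mode(0o600, 1000, 1000, 1000, {1000}, False))  # per-user CGI uid
```

The second case is the one the post warns about: mode 0600 looks locked down, but the file is owned by the same uid that runs everyone else's scripts.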

This thread has been closed. You cannot post in this thread any longer.