Hi, I just come back from holidays and see I lost a great discussion on this topic.
I want to remark that a web-application code should not be modifiable from the web server itself. Thus write permissions for apache must be tuned carefully. Also following symlinks for the web server could be a security problem, SELinux is by now permissive, and users could be allowed to create them.
Today, Shared Folders are overloaded with “web hosting” features, like .htwritable and Virtual host. As I wrote on the manual page they are not meant to be a complete web hosting solution.
Perhaps we should take back the Shared Folders module to the original idea of “file sharing”, and move the web hosting features to a specific module.