So if I request '/../../../etc/passwd' on one of your sites, it won't work? (Just curious. I've found it really hard to get chroot'd php/apache working in all but the simplest of use cases.)
You shouldn't need to chroot apache to avoid serving /etc/passwd. I have never worked on a site with chroot'd Apache, and have never run into these kind of issues.
Are you setting your Apache configuration to only allow reading certain directories?
It's not just Apache you need to configure - PHP ignores Apache's directory access configurations entirely, you need open_basedir and preferably something like suPHP.
Disabling shell functions (system, exec, etc.) is also a good idea, unless the application itself requires them (e.g. if the host is too stupid/lazy to have the imagick extension installed and tells you to call /usr/bin/imagick instead...).
