It's not just Apache you need to configure - PHP ignores Apache's directory access configurations entirely, you need open_basedir and preferably something like suPHP.
Disabling shell functions (system, exec, etc.) is also a good idea, unless the application itself requires them (e.g. if the host is too stupid/lazy to have the imagick extension installed and tells you to call /usr/bin/imagick instead...).
Disabling shell functions (system, exec, etc.) is also a good idea, unless the application itself requires them (e.g. if the host is too stupid/lazy to have the imagick extension installed and tells you to call /usr/bin/imagick instead...).