If you want some degree of security, you need to use CGI not mod_php on any host with more than one application owner, e.g. shared web hosting. And CGI is slow, so it's better to use FastCGI (i.e. separate PHP server to web server) so your web app can run as the right userid yet not pay the CGI startup overhead. This is essential for more complex apps or higher volume websites, which also tend to require some security.
I believe Ruby and Python are often deployed in the same way.