Hi pizdin_dim,
I’m webmaster of several hundreds of sites, on just about as many hosts.
My experience – lately (meaning after the PHPBB disaster) – is that the number of hosts using suexec in a perfect and tight configuration is sharply rising. The majority of the sites I deal with are on such hosts.
Very practical experiences with hacking attempts of various scripts have proven the worthiness of these settings, though I admit it may be a wise idea of checking up with the host on just how their servers are configured. E.g. I had recently a client’s Nucleus installation hacked who had failed to upgrade in time.
The very competent host then amiably restored a prior non-hacked version of that website, pointed out what file had been the entry point (plugged by the upgrade I immediately did) and very nicely refused our combined thanks and beg pardon on my client’s oversight. As the whole system is an extremely tight ship only that script and site were touched, without any disruption of the server hosting it.
Conceded, this is no cheapo host, price for a relatively small hosting plan with them is already 15 bucks per month, but when I compare this to the trouble other sites on cheaper hosts have… Even the email spam is close to nil on these accounts due very good preventive measures and they notice if one of their clients has a wormy computer and is consequently spamming himself and notify him of undue usage of the mailservers.
I always try to steer my clients to such types of hosts. And their numbers are fortunately rising.
Thus, if a site draws blank or “forbidden/404” with a 777 setting of folders, my first thought goes towards suexec nowadays.
