Hey all, I posted an article on my blog that discusses locking down PHP from both the perspective of the server administrator and of the developer:
http://jimkeller.blogspot.com/2008/01/php-security-in-shared-hosting.html
