Hmm. I suspect, the difference is, that Apache was never designed to run as root.
You're assuming the root account is the most damaging account to compromise. In the case of a fileserver, you will very likely want some files kept more private than others. If I as a hacker wanted to steal private data from an Apache + DAV fileserver, and all the files were owned by user "apache", I would simply need to compromise the "apache" account to have complete unrestricted access to all data on the server. So, in a fileserver environment, hacking "apache" would be as disasterous as hacking "root". On this basis I would argue that _in a fileserver environment_ "all files under one account" is less secure (aka more risky) than system based file ownerships.
Regards, Graham --
