SuExec causes your [cgi] script to run with your uid. Other users' will run under theirs. They cannot 'donate' a snooper [or clobber] script to your uid because chown to another user is a privileged operation.

[If you give your db password-containing module 0600 permissions, nobody can see inside but root and you.]