Yes, Apache on my machine executes cgi scripts as the Apache user, hence the need for setuid to do stuff that the Apache user doesn't have permissions for.