Some administrators don't like suEXEC because cgi then runs with higher privileges than 'nobody'. I am in the opposite camp. I think that security is enhanced by giving users full use of file system permissions on their site. Bad scripts can eat resources in either case, and suEXEC limits the damage one user's error can do to another user's site.

There is terse but (I believe) complete documentation of proper suEXEC setup in the Apache manual.

After Compline,
Zaxo