This is such an important issue.

It is bad enough when apache can write to just a few web-facing directories, such as image and stylesheet caches. When (and I don't mean "if") a vulnerability allows a hacker to put a script into one of these directories, then they can cause all sorts of havoc, but they are still stuck in a ring-fenced sandpit.

If apache can write to all your files and directories, then you might as well be prepared to lose your site, because when the hackers get in, then will be installing scripts and back doors all over the place. You will be restoring from a pre-hack full site backup from - whenever that was - to clean up the mess.

Shame on you Lorna Jane for suggesting people do this for the convenience of not having to enter a password.