Because php 5.x already runs as a cgi, do you still need "PHP suEXEC Support" for good security?
Where is the world did you get the idea that PHP 5.x "already runs as a CGI"? :D
PHP 5.x is no different that PHP 4.x as far as the different ways to install it
and can be run either as an Apache module or as a CGI!
Which way you run for any PHP version depends on the specific configure options
that you use when you compile PHP!
Also, is this a good combo, or am I over doing it by selecting both suEXEC and PHP suEXEC?
Those are 2 totally different things and you need both --
SuExec will execute CGI scripts such as those written in Perl and Python as the account
owner name instead of as the generic user nobody. Has no bearing on PHP scripts.
phpSuExec will execute PHP scripts as the account owner in much the same way as what
SuExec does for other script types.
(NOTE: A replacement for phpSuExec is available that is actually far superior to phpSuExec
called SuPHP but only works with Apache 2.x and just recently Apache 2.2.x )
(Looking for the most stable, compatible and secure combo here.)
Mysql 4.1.21 with php 5.1.6
Well if security is your concern then you just blew it regarding PHP as there is a major
security problem with all versions of PHP up to and including PHP v5.1.6.
The only version of PHP known not to have this specific problem is PHP v5.2.0