Running PHP under the web server's permissions isn't necessarily better or worse than using suPHP. It's just different. The first model separates the owner from the web server, while the second model separates the owner (and his PHP code) from all the other users on the machine.
Using suPHP doesn't necessarily increase your overall security, it just redirects it. Instead of trying to prevent break-ins, you're isolating the sites from each other. The justification is that, particularly in a shared-hosting environment, the former security model just wasn't working out: users constantly blew holes in their security by setting world-write permissions on everything so that the web application would work, and then a security compromise on one account would quickly metastasize to all the others on the server.
So, instead, it's common now to use tools like suPHP in large shared-hosting environments to remove the barrier between the user and his PHP application, and instead erect a barrier between a user and his neighbors.
So, in this case, you don't provide security, you provide separation. Unfortunately, suPHP requires that files be owned by the user you intend to run as, so creating a separate FTP user would be... a mess. You'd constantly have to chown files back and forth between the suPHP user and the FTP user.
Instead, you need to pick a role: either you secure a site, or you secure a server. If you want to secure the site, then you need to separate the webserver from the content owner. That's a somewhat complex relationship to maintain correctly, so it's not recommended for shared hosting environments. If, instead, you want to protect the server from its users, then use suPHP to separate the user (and his code) from the others on the server. In this case the user is responsible for his own security. Good luck, user! Technically it is possible to have a secure PHP application--in theory, at least.
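An added example, not part of the original answer: a small audit for the two conditions described above, world-writable entries under a site's document root and files not owned by the account suPHP is meant to run as. The function name audit_docroot and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit_docroot is a hypothetical helper, not part of suPHP.
# Usage: audit_docroot <docroot> <expected-owner>
# Prints one finding per line:
#   WORLD-WRITABLE <path>   any user on the machine can modify it
#   WRONG-OWNER <path>      not owned by the account the site should run as
# Returns 0 when clean, 1 when there are findings, 2 on bad arguments.
audit_docroot() {
    docroot=$1
    owner=$2
    if [ -z "$docroot" ] || [ -z "$owner" ] || [ ! -d "$docroot" ]; then
        echo "usage: audit_docroot <docroot> <expected-owner>" >&2
        return 2
    fi
    # find prints nothing for an unknown user name, which would look like
    # a clean result, so reject unknown owners up front.
    if ! id -u "$owner" >/dev/null 2>&1; then
        echo "audit_docroot: unknown user: $owner" >&2
        return 2
    fi
    # Symlinks always report mode 777, so they are skipped in both passes.
    findings=$(
        find "$docroot" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
        find "$docroot" ! -type l ! -user "$owner" -print | sed 's/^/WRONG-OWNER /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example call (constructed path and account name):
#   audit_docroot /home/alice/public_html alice
```
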
Yes, you can mount a Windows share into the Linux filesystem using mount.cifs, e.g.
mkdir /mnt/windowsfs
mount -t cifs //server/share -o username=user,password=P4ssw0rd /mnt/windowsfs
Once you've done that you can (with suitable permissions) access and manipulate the files in /mnt/windowsfs.
Best Answer
Short answer is no. In order for the user to interact with their data they need to use programs (bash, ls, cat, vi....). In order to use these programs the user must be able to list the directories they are contained within and read from the files which contain the programs.
You can prevent users from accessing other users' data files by setting the permissions (and permissions mask) appropriately and/or restricting the access via chroot (but they can still see the config and executable files they have access to).
This is somewhat meaningless as an ultimate goal - what is the threat model? How could they gain / subvert the security by doing so?