SELinux if left enabled (as it should be...) will help mitigate the risks. But root access often isn't necessary to totally screw you. For example, adding a machine to a botnet does not require root, nor does accessing the data for your application (such as databases and local files owned/manipulated by your apache user).