I have been researching suhosin and php5.4 for two days no stop.
It appears that development is very slow. But, it also appears suhosin was updated to work stable with php5.4
There is no other way to allow functions like eval() for clients but restrict the functions allowed within. suhosin does it easily.
Suhosin actually has a lot of "set and forget" security options for php.
I am going to give it a trial run and work with it on my test server... see if it is stable for production.
Thanks for your response zenkel!
Mustafa - any response to modifying php-fpm template to add in individual client php settings?