security risks are involved in letting the webserver accessing files outside its environment

I do not agree with this statement
Look, Apache process (namely httpd) needs an access to its files out of the web tree,
php module, namely libphp4.so needs an access to the files out of the web tree.
Without letting them access their files out of the web tree, you will not get them working at all.
On the other hand, if your system has php files to be included from the out of web tree, how would such environment be abused?
Quite the opposite, if you put to the web a script that does not make precautions on its input, you'll make risk much higher.
That's why, for example, PEAR scripts are always installed out of the web.
It's the way people are improving security.

True, but the webserver environment does not need to be the same as the web root. If you run PHP in safe mode, then you can restrict various file operations to certain directories. Using open_basedir you can also restrict the allowed include directories (this also works in unsafe mode). But this is mainly to prevent run-away scripts to mess with the environment. To prevent your code from being changed by outside parties, you should keep as much code as possible outside the web root.

moreover, it's impossible or you will have to put those utilities and libraries on the web tree too.
I mean such stuff as libintl.so, sh etc.
BTW, to get chrooted envirotment I had to recompile some of the utilities, brrrr.