Well, I guess I'll follow up on my end... since I ended up solving it for my server.
I used the same directory structure as you, except I have /home/username.
I create a user/group for each domain, and their home directory contains their public_html, logs, etc. Then I use suexec (which you have to compile yourself: http://www.linode.com/forums/viewtopic.php?t=2982) to make sure that Apache and all scripts run under the user for that domain. This way, that domain owner only has access to his own files/folders and can't do anything else.
If you really don't want to bother with that much work, alternatively, you could just install Virtualmin (a control panel like cPanel, but free). They automatically do this sort of work for you.
I tried it, but I didn't like the added cpu/ram usage, but besides that it was pretty neat.
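
An added example, not part of the original post: a Python pre-flight check that mirrors the ownership and permission tests suexec applies to a script and its directory before running it as a domain's user. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile


def suexec_problems(script, uid, gid):
    """Return reasons suexec would refuse to run `script` as uid:gid."""
    st = os.lstat(script)  # lstat: suexec does not follow a symlinked target
    if not stat.S_ISREG(st.st_mode):
        return ["target is not a regular file"]
    parent = os.stat(os.path.dirname(os.path.abspath(script)))
    problems = []
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append("script not owned by the domain's user/group")
    if (parent.st_uid, parent.st_gid) != (uid, gid):
        problems.append("directory not owned by the domain's user/group")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script writable by group/other")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory writable by group/other")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid/setgid")
    return problems


def demo():
    """Constructed sample: a per-domain home with one good and one bad script."""
    with tempfile.TemporaryDirectory() as home:  # stands in for /home/username
        docroot = os.path.join(home, "public_html")
        os.mkdir(docroot)
        os.chmod(docroot, 0o755)
        good = os.path.join(docroot, "good.cgi")
        bad = os.path.join(docroot, "bad.cgi")
        for path, mode in ((good, 0o750), (bad, 0o4770)):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)
        owner = os.stat(good)
        uid, gid = owner.st_uid, owner.st_gid
        return (suexec_problems(good, uid, gid),
                suexec_problems(bad, uid, gid),
                suexec_problems(good, uid + 1, gid))  # another domain's user


if __name__ == "__main__":
    for result in demo():
        print(result or "ok")
```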