My personal opinion is to never use a system-wide user such as www-data, apache or nobody. I've found the most secure approach is to use separate user accounts per virtualhost.
I believe that each virtualhost should have its own separate home, separate tmp directory (for storing session files, etc.), mail storage within the home and have a completely isolated environment (like a jail shell), with limited access to system resources.
While running each virtualhost as its own user does improve isolation a bit, in that with proper filesystem permissions (or SELinux restrictions, but really, just use the filesystem permission capabilities that are already there), it would be impossible for one virtualhost's PHP scripts to access another virtualhost's content, unless you're using SELinux to forbid write access by PHP to the scripts it's executing, you're still vulnerable to an attacker using PHP to write a malicious script that would then be capable of being executed, or injecting malicious code into an existing script. I've seen your previous post about monitoring for file changes, and while that helps detect malicious changes after the fact, it does nothing to prevent them in the first place (and an ounce of prevention is worth a pound of cure).
storing emails under /opt/Maildir/
Who uses /opt/Maildir? /opt is for vendor-provided self-contained software installation (e.g., Google Chrome installs here), or other vendor-provided software that wants its own filesystem hierarchy (which can be useful for things like not having to worry about distro filesystem layout specifics). When using Maildir layout, $HOME/Maildir is typical, provided the mail user has an account on the system, otherwise somewhere in /var like /var/spool/mail is used (/var/spool/mail is the default when using a single file to store all mail).
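The reply above argues that PHP should not have write access to the scripts it executes. The following is an added example, not part of the original thread: a Python audit that lists which directories and `.php` files in a docroot a given runtime uid could write to. The function names, the sample tree and the runtime uid are hypothetical, and the check covers only classic mode bits (no ACLs, SELinux or root override).

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """POSIX mode-bit check: owner class, else group class, else other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, uid, gids=frozenset(), script_exts=(".php",)):
    """List directories and scripts under docroot that `uid` may write to.

    A writable directory lets the runtime drop a new script; a writable
    script lets it be modified in place. Paths are relative to docroot.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        if writable_by(os.lstat(dirpath), uid, gids):
            findings.append(("dir", os.path.relpath(dirpath, docroot)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (stat.S_ISREG(st.st_mode) and name.lower().endswith(script_exts)
                    and writable_by(st, uid, gids)):
                findings.append(("script", os.path.relpath(path, docroot)))
    return sorted(findings)

def demo():
    """Constructed sample tree; the PHP runtime uid is a made-up value."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for rel, mode in (("index.php", 0o644), ("config.php", 0o666)):
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o777)
        owner = os.lstat(root).st_uid
        php_uid = owner + 12345  # stand-in for a separate runtime account
        return {"runtime": audit_docroot(root, php_uid),
                "owner": audit_docroot(root, owner)}

if __name__ == "__main__":
    for who, found in demo().items():
        print(who, found)
```

An empty result for the runtime uid means the mode bits alone already keep PHP from writing or replacing scripts in that tree; running PHP as the owning account, as in the "owner" case, leaves every script writable.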