For PHP applications to access MySQL databases or upload (write) files to site folder(s), the file and/or directory access permissions almost always need to be set open enough for the application to do its work. Unfortunately, this also allows any user with access to the Web server to read and/or modify files. Website vandals take advantage of this exploit to modify both the user's own website and other sites on the same server.
With SUPHP, the file permissions can then be set so that only the user can read the file, and the SUPHP page can write in any location where the owner can write.
Solution: chmod files and folders to 755 instead of 777.