This wiki page is not complete nor can you be sure that these tweaks will make your apache completly secure. However, if you know or get to learn additional tweaks, come across mistakes etc. please feel free to add, change and correct them. Thanks!
expose_php = Off
This will not expose php by adding it to the webserver signature
display_errors = Off
This will not display any errors on the webpage and therefore not disclosure any information.
However it is much better to log the errors to a file:
log_errors = On error_log = /path/to/php-errors
Make sure you deactivate the enable_dl option (thus disabling dynmic extension loading)
enable_dl = Off
safe_mode = On
which actually isn't safe but may make exploiting more difficult
May differ from setup to setup
disable_functions = phpinfo, pcntl_exec, show_source, passthru
Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = Off
Whether to allow include/require to open URLs (like http:// or ftp://) as files.
allow_url_include = Off