Wowzer... That was a quick reply...

Thanks for the info...

So if I'm running on a standard port 80, setting the "User" and "Group" directives in the httpd.conf are enough to harden your apache??? (At least as much as can be expected...)

So I'm assuming that the references I have read regarding "Dont run apache as root" mean don't use:
User root
Group root
in your httpd.conf...

If so, then I guess it all makes sense now...

Thanks Much...