Man, I cannot agree more with this one. I’m the primary author (thus far) of the WordPress hardening guide at the WordPress Codex, and allowing users to have write access to actual code is a major problem. So you either need to disallow it or contain it. This is a good way to contain what users do. Another possibility is to use chroot with Linux or jail in BSD to segment off sites from each other, though you’d have to be running several WP installations instead of WPMU, so it’s of limited relevance here. Still, even just limiting permissions on the file system would go a long way to providing some containment.

For WPMU, you could use a similar technique to force the user into only using Smarty for templating if your users don’t need more than that.