How do you enable to your users a password change? This is IMO the biggest problem when offering a chrooted shell. The only way i found is to synchronise the chrooted passwd file and the real /etc/passwd file but still, you need to enable really close checks what excactly has been changed in the chroot passwd file...

Another thing is that breaking out of a chrooted shell environment is really easy, in order to prevent that, you'll need to set up the grsecurity kernel which does not allow the chdir() outbreak. So if you need *real* security with chrooted users, you need to do far more than just set up this environment.