Thanks for the reply Falko.
I figured that much, but just out of curiosity: why is "--with-setid-mode=paranoid" so essential for ISPConfig? Is that only for additional security? In other words: is the regular Debian package not secure enough? And does that extra security compensate for the extra hassle of having to manually maintain suPHP instead of being able to make use of a standard package?