I thought the point in suphp was that it wouldn't allow any files to be opened not owned by the webx/clientx user/group.
The purpose of suphp is to run a script under a different user. If a file can be opened by this user or not is defined by the linux file permissions and ownership of that file.
For example /etc/passwd is a file that is world readable on all linux systems, so you can read it as any user. So its not suphp's fault that you can open it. The file that contains the sensitive data (passwords) is /etc/shadow and not /etc/passwd and the /etc/shadow file can not be opened.
mod_php is not as secure as suphp or php-fcgi + suexec as mod_php runs the scripts as aopche / www-data user which allsows a attacker to access all files of all other sites even if they are set chmod 600. php-fcgi + suexec is the recommended setting as it runs scripts as web user but is much faster then suphp.
That you cant open some files with mod_php indicates that you might have disabled functions wth php_admin value or similar or that you disabled functions in the php.ini for mod_php but not in the one used by suphp or php-fcgi.