Posted July 11, 2009

I suggest adding info in the ACP about the caveats that mod_security and suPHP may present if the end user has them in use, and what to do to address them. CHMOD 777 will "break" suPHP. mod_security can potentially "break" the sql tool box, screenshots (idm), upload progress (idm), dynamic images, large posts, posts with the word select in them, or posts with url paths in them. A heads up on what to whitelist may save some time in the support ticket arena. Thanks!
May 26, 2014

For your information, somebody might be able to use the following info: We had quite some false positives using ModSecurity. We've commented out the following entries by now:

    # Check decodings
    # SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding"
    # "chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'1234123440',severity:'4'"
    # SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"
    # SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'UTF8 Encoding Abuse Attack Attempt',id:'1234123439',severity:'4'"
    (...)
    # allow request methods
    # SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$"
    # "phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"

After this ModSec is still blacklisting IPs, but almost none from the countries where most of our users reside (responsible for 99% of traffic).
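Added example, not part of the original posts: a small Python replay of the patterns quoted above against constructed argument values, showing which kinds of ordinary forum input trip them. It covers only the method and argument targets, assumes values reach the rules already URL-decoded, and approximates the two @validate operators; the field names are hypothetical.

```python
import re

# Patterns copied verbatim from the rules quoted in the post above.
URL_ENC_ABUSE = re.compile(r"%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})")
ALLOWED_METHOD = re.compile(r"^((?:(?:POS|GE)T|OPTIONS|HEAD))$")

def valid_utf8(raw: bytes) -> bool:
    """Approximates @validateUtf8Encoding with Python's strict UTF-8 decoder."""
    try:
        raw.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False

def triage(method: str, args: dict) -> list:
    """Return (rule id, location, detail) for each quoted check that would fire."""
    hits = []
    if not ALLOWED_METHOD.search(method):
        hits.append(("1234123435", "REQUEST_METHOD", method))
    for name, raw in args.items():
        text = raw.decode("latin-1")  # byte-preserving view for the regex
        # A '%' the regex flags is never followed by two hex digits, so the
        # @validateUrlEncoding half of the chain is treated as matching too.
        for where, value in ((f"ARGS_NAMES:{name}", name), (f"ARGS:{name}", text)):
            m = URL_ENC_ABUSE.search(value)
            if m:
                hits.append(("1234123440", where, value[m.start():m.start() + 3]))
        if not valid_utf8(raw):
            hits.append(("1234123439", f"ARGS:{name}", "invalid UTF-8"))
    return hits

# Constructed sample requests; the field names are hypothetical.
SAMPLES = [
    ("POST", {"Post": b"We are 100% sure this works"}),      # bare percent sign
    ("POST", {"Post": b"see index.php?q=a%20b or %u0041"}),  # well-formed escapes
    ("POST", {"Post": "caf\u00e9".encode("latin-1")}),       # legacy-charset byte
    ("PUT", {}),                                             # method outside the list
]

if __name__ == "__main__":
    for method, args in SAMPLES:
        print(method, args, "->", triage(method, args) or "no match")
```

Running the same replay over argument values taken from the audit log shows whether the matches cluster in a few fields, which is the information needed to scope an exclusion to those fields.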
Archived
This topic is now archived and is closed to further replies.