First off let me say that I don't have a good answer to your question but have been wondering the same, and feeling optimistic.
I too switched from SuPHP to DSO recently when moving my VPS over to KH. One of my concerns was email, and I have been looking at the log in WHM for sent mails from the nobody account. But I have been gradually removing 3rd-party scripts over the past year, so 95% of what I have across the websites is now hand-coded. It sounds like we're in a similar situation.
A few weeks ago I ran a script called PHPSECINFO and found that worthwhile. It pointed the names of a number of risky PHP functions that I don't use and therefore added to the disable list in WHM. It looks like a serious product. There were a few other recommendations I implemented.
You say your libraries are above the html root. You sound like you're in good shape and proceeding deliberately. But again, I don't have the full answer.
Not about security: I wonder if you are running nginx, that has been recommended to me to use with DSO and EAccelerator. So far no complaints. PHP is pretty fast. They say 5.4 is even faster but it still seems problematic in cPanel.
Please keep us posted, that's an important topic.
Wishing you a beautiful week,