This isn't an apache issue.
Safe mode should be checked against true/false as well as on/off. This is an unfortunate instance of using php_value setting from httpd.conf or .htaccess. Otherwise it should always be a boolean.
I don't think there is an easier way to do that one. It looks to me that it will work and covers int, boolean, and the possible string pushed by the httpd, but I can't verify atm since I don't want to install a < 5.4 environment to verify.
if ($sm = ini_get('safe_mode'))
if (((is_int($sm) || is_bool($sm)) && $sm == 1) || (is_string($sm) && strcasecmp($sm, 'on') == 0))
$issafemode = true;
You can check disabled functions easier using reflection:
$sFunc = 'exec';
$rf = new ReflectionFunction($sFunc);
printf('Function %s is disabled? %d' . PHP_EOL, $sFunc, $rf->isDisabled());
Oops missed that you had another question here.
shell_exec is similar but it captures all the program output. The exec only returns the last line of the command. You can give it an array for the second parameter to give you each line of the output as well.
To help secure it you use the escapeshellcmd and escapeshellarg functions. Use carefully since if safe_mode is enabled (gone as of 5.4 as well), it will automatically call escapeshellcmd prior to executing.
To really secure it, don't use it. If you have to use it, than limit what input it allows. You'll be quite safe if you do not allow user provided input. Otherwise, you escape it same as you do with MySQL's real_escape_string functions.