This is probably a question better asked on a Tomcat mailing list; I don't have much recent experience with Tomcat, but as I recall, it's necessary to run Tomcat as root on a Linux machine if you want it to use the standard web server port (80). Within the Java world, this is not as unsafe as it could be because the JVM has a strong security model, although personally I'd be much more comfortable running Tomcat as a non-root user on a higher port and proxying it from port 80.
However, as soon as you step outside of that security model and start running PHP applications, I'm not sure how the JVM security model applies. You may find that you're running your PHP applications as root, which is a very bad idea. However, I'd imagine this problem is addressed somehow in the connector, which is why I'd suggest asking on a Tomcat or PHP SAPI mailing list.
I'm sorry if that's a more complicated answer than you expected!
Open Journal Systems Team
Don't miss the First International PKP Scholarly Publishing Conference
July 11 - 13, 2007, Vancouver, BC, Canada