I would like to ask if someone can point any issues out with storing my php application in a subdomain but accessed via symlink in customers domain so that they can't touch, download or delete the system files.

Also is this a safe correct way of doing it?

777 - cust-example.com/system/ is a symlink to

Above Document Root
755 - system.cust-example.com/system

DOCUMENT_ROOT is:
755 - system.cust-example.com/docroot

So far all seems to be working and when trying to access the system via the symlink through ftp access is denied.

Our web site also has mod_rewrites in a htaccess file that has the following example

Options +FollowSymLinks +Indexes
RewriteEngine on
RewriteBase /
RewriteRule ^holidays/(.*)/$ /system/www/country/country_index\.php?id=$1 [L]

Would appreciate any comments on anything I should look out for, I have complete SSH access etc and have general experience but I'm not a big server whizz.

******
ADDED

I also have complete access the the httpd.conf file would it better to create an alias for that directory instead?

******

Cheers