you don't have to set rwx
for 'other'. You should change the owner and/or group of the particular folder/file you are trying to protect. E.g.:
chown -R cwd:www-data /var/www/cwd.com
chmod 750 /var/www/cwd.com
Now only members of the group www-data
can read /var/www/cwd.com
. And only you (cwd) can write to it. If you want to allow your applications (through Apache) to write/modify files in that directory too you chmod it to 770.
I think this covers all your issues, I see no reason to change the user apache is running under.