Actually, the most secure option is the chrooted shell. This jails the user to his own webspace. A webspace user should not be able to access anything outside of his own webspace. If you provide full access through another shell type, hackers will use this opportunity to install malware on your server. This will occur through unsecure or malicious plugins of the website software. Enabling full shell access can also lead to a total desaster as that user can then remove files and directories.