Apache still lacks a way to set MaxRequestWorkers per vhost. It makes all the sense for such limitation to be set in vhost (along global one). If you setup webserver with multiple vhosts than any vhost can now use all MaxRequestWorkers quite easily. There is no way to protect against that. It is absolutlely ridiculous. Yes, I realise it would be hard to implement bause of how MaxRequestWorkers code works now.