Current cloud providers have very different execution environments; the typical shared webhost had one Apache process with mod_php and every account was just a different system account. What you needed as a hosting provider was a way of preventing file_get_contents("/home/someone-else/secret.txt"), which is what open_basedir gave you. And system(nefarious-stuff), which is what safe_mode gave you.
Today that sort of thing is very rare; you will run in a virtual machine or container, and have an execution environment all to yourself.
quite a lot of Wordpress setups run on sort of shared hostings to the date. Plesk and Cpanel are still a thing in this area. And Wordpress is still massive share of websites.
PHP-FPM which has options to specify system user per pool is basically how restrictions on file_get_contents are enforced.
Today that sort of thing is very rare; you will run in a virtual machine or container, and have an execution environment all to yourself.