Im not sure on a specific string to grep for.
Any modifications made by a user could well open it up, I mean there is no-way we could ever protect against changes made by the user.
A concern is the amount of places which need to be open as Apache writable. And basically all compiled Smarty templates in templates_c are basically .php files. It might be interesting to also raise this with the Smarty dudes.