Any web hosting worth its money will give you read/write access to a directory outside the document root. I would not go near a hosting company that doesn't. That said, there are many poorly operated, cheap hosting solutions which are insecure and not configured well; this means there are likely to be many users who do not have write access to the directory above the document root and cannot, can't afford to or don't want to move to another host.

It is your decision weather or not you want to cater for these users. Simple economics states that you should, while good practice states that you shouldn't I don't see a security issue with providing the users with a PHP file with some configuration variables which govern the configuration. But be very careful the variables you choose and ensure that you treat any data in the way you would treat data from a user who submitted a web form; i.e: validation, escaping, security.