Yes, this is a concern. I believe the latest version with the patch is 5.3.21 which is included with OpenBSD. But some of the features in Suhosin were merged into mainline PHP. It would be interesting to see a side-by-side of 5.4 and Suhoshin patched features.

I'd still advise people writing new applications to go with PHP 5.4 first if only because development is made simpler, therefore it's less likely to include accidental vulnerabilities while trying to (re)implement new features available by default in 5.4.