Don't know about the rest of you, but the most secure cipher I can support on older combinations of Apache and OpenSSL is RC4. I'm (slowly) replacing these old installs with Apache 2.4 and OpenSSL 1.0.1, which gives me TLSv1.2 and newer cipher suites. I'd imagine that many web servers and not a few browsers are stuck at TLSv1.0, where RC4 is more secure than other cipher suites because of BEAST.