There is no easy solution right now. We will add a similiar feature like that in the upcoming release. :-)
You need to remove php script handler at server level, define a general context with regular rexporession like "exp:^/safedir/", and a fast cgi context with regular expression like "exp:^/.*\.php", handler set to the php fast cgi. you need to make sure the first context is ahead of the second one in the configuration file.
Hope it is what you need. :-)