jibe
Owncloud 5 requires a specific version of php or newer in order to run correctly.
The comment in the wiki here
http://wiki.contribs.org/OwnCloudsays "Version 5.0.0. and later works out of the box on SME8", but I think that is not correct.
I think that may refer to an earlier version.
So in order for owncloud to run correctly without errors & security warnings, you do need to update the version of php.
The wiki states
"see bugzilla:7613 and most particularly bugzilla:7613#c3 and this one for a workaround. An alternative method is mentioned in the forums here. "
which has embedded links to various ways to update php.
One of those ways to upgrade php
(the forum post here
http://forums.contribs.org/index.php/topic,50335.msg252984.html#msg252984)
uses the webtatic-el5 repo & does work OK (I worked it out), but another contrib (phpmyadmin) then complains of dependency issues if you try to install it. If you do not need to use that contrib then the php upgrade method appears to be a satisfactory & safe answer. No other problems have been mentioned in forums etc.
Personally I think the phpmyadmin contrib should be amended.
The php5-cgi solution was to allow different versions of php to run on sme server & to be selectively used by apps/contribs, ie the standard older php & the newer version php5-cgi, so as to avoid upsetting or creating dependency issues. It was the php5-cgi that became a security risk, NOT the standard installed version of php.
There is no security problem upgrading php to a later version eg as per webtatic or epel repos.
Yes you can install owncloud on SME, but you need to upgrade php first, & there will be no security issues (with or caused by php).
One dependency issue has been observed with phpmyadmin, so if you also want to install that contrib you will not be able to.
You can use an older version of owncloud on sme8 without needing to upgrade php, but you may be missing some features that newer versions of owncloud have.
I cannot answer if there is an old compatible version of Mozilla Sync as I do not use it.
The other choice is to NOT use owncloud, because of dependency requirements, & use some other app that is compatible with sme8 "as is".
If you upgrade php & install v5 owncloud you server is safe, but as you are then running a different version of php than what is in the sme server "base+updates", then you will need to monitor php security & ensure it is kept up to date if there are security releases etc.
The dependency issues re other contribs is not that easily solved.
As soon as users & developers digress from standard upstream sources, then there is substantial extra work to update packages & maintain good security, those other packages eg phpmyadmin have to be patched to work with newer version of php, so someone has to do that & follow up later when an even newer php version is released etc.
In my opinion it is better to stick with a standard SME server & only use contribs or apps that are compatible with the "base+updates" stream.
Part of that approach if you must use new contribs or apps that require newer versions of packages would be to start using SME9.
The final answer is not so simple & depends on your actual needs.