OK, I think I get the picture. Most of it is very logical but as I got strange results when trying different permission settings I got confused.
I would not suggest going this route if your QNAP can handle Apache well
No worries, I tried to add lightpd to my Synology in the past => crahed and burned
I'm not sure how QC checks to if it is installed by root.
For some details, see here
I would chown everything by guest:guest ( that is the user Apache should be running as and also the user that would perform the SC update).
SC/Apache user seems to be different in my case. Thats probably why the outcome of my changes to permissions failed. When I look at the files created (xml & jpg) by the mediasearch they are all owned by user httpduser 
Can I conclude that this is the SC/Apache user? Also, does it make sense to try change this user?
(FYI, the guest account is disabled for all my folders on the QNAP)