Issue of a DMZ utility depends on your tolerence to the risk of any web-attack. If you put your web-server on your internal network, you may be facing the risk of an intrusion on this server. Then your internal network will be at risk. Right? Personally I'd put a web-server into a DMZ and would set the lesser ACL's as possible to minimize the risk.
eg access-list outside permit any web-server tcp 80
You may also want to add a few ports from the inside to the web-server for management purpose.
Hope it's clearer now,
Mike