Yep, we had a machine rooted as well, not as lucky, was a customers box. It has now been rebuilt, but what a nightmare.. happened over 4th of July weekend of course!
We have since updated all of our machines, but had no idea of the holes, our fault for not keeping an eye on things, but I still think DA may want to send out a mass email to all its customers letting them know.. its never fun to find out someone is using your machine to issue DDoS attacks..
We just sent out a mass e-mail to inform everyone else of this upgrade. Hopefully this will help things.
It also becomes an issue of who is responsible for their own security. Control panels are meant to configure services, not secure systems. However, when problems occur, it is usually the control panel maker who receives the most blame.
Therefore, we'll try to keep a security page maintained to the best of our ability. But keep in mind that your server is ultimately your responsibility.