Not necessarily SE, there's been tons of 0days exploited against stuff like WHMCS, Hostbill, Kayako and many other systems used by hosting companies to manage this kind of thing.

Colocation and epoxy in any relevant ports is the obvious way to avoid this.