Actually Till, your right. Running a server is more then just putting software on a computer and thinking your the bomb. A vast amount of my time is spent working on security related issues. I wish I had a penny for everytime I hear that someone has been hacked because of the "server" No, more like the operator didn't do his job. Didn't stay aware of current security issues, didn't keep things up to date, didn't pay attention to what his clients have on the server, etc, etc, etc.
Hosting is like any other profession. It takes time to learn, and time to become proficient. If someone out there is looking to get starting in hosting, I say grab ISPC, your favorite distro, and play with it, try to break the blasted thing, learn security issues and topics. It's by far the best way to learn. Then put it on the Public Internet and start accepting clients. Your churn rate will be lower, your stress will be lower, and you won't tick off half the people working on the Internet (the other half I firmly believe are scammers anyway!
This isn't a BIG security problem. It's a BIG education problem.
Sorry, I'll get off my soapbox now...