Thanks god I am not the only one hading fear
I strongly guess he was not able to create files within the root / of your server as jailkit was enabled and this was the jailkit root.
Jailkit works more or less like this:
It creates a chrooted area where the ssh user can work. This area contains folders like bin, var etc. just like your server does. But these are not the root servers directories, but the ones from the jailkit chroot.
So let's say he navigates to /root. This will not be /root like you mean, but (if you are using ISPConfig) something like /var/www/clients/domain.tld/root.
So it's absolutely safe to enable Jailkit, as he can not break out of his jail.
You can read more about this on the official jailkit website.
Case 2 would be, that we really was in the servers root. You could test this by creating a test file within /root. Then login via ssh and go to /root. If you see the file, you have security issues. If not - it's within the jail and everything is safe
I know this is something absolutely off-topic, but you could also have a look into "lshell". It's a very cool package allowing you to jail users into their /home folder (or a defined dir) and restrict allowed commands. In difference to jailkit, it does not create additional folders.
You can also config autoban etc. Just test it out