Well, as far as i can tell this isn't exactly their fault. I'm assuming that they'll actually be installing their own servers in a data center instead of renting a VPS at OVH...
If you have something that's very important to take care of, would you leave it in the hands of some random service provider, og would you ensure you hosted it on a dedicated server, in an environment or facility where you had physical access to it, and where strict security restrictions were present ?
Using a third party hosting provider that might not even be aware of all the valuable information stored on your servers, that's asking for a disaster to happen. Although it might be a breach at the hosting provider, that's still Paymium's fault, as they trusted them with the responsibility in the first place.
To me, it seems like their security is not up to bank level standards at the very least.. They're hacked 3 times now (that we know of), bitcoin-central twice and instawallet once.
