It's inconceivable to me that after the Linode compromise they chose one of the cheapest shared hosting options with Rackspace and that they didn't regard redundancy and being able to shut down access to the server if it was compromised as critical. They made these choices after they'd performed a security audit which should have revealed that their servers were still vulnerable.
Just to make sure everyone has it straight - Bitcoinica was on the RS cloud long before the Consultancy came along. The Linode VPS was just an attempt to keep the hot wallet off the rackspace cluster to spread the risk around. Obviously we saw how that failed.
I'm sure that excuses them from not tightening up their security at Rackspace after the Linode hack. They performed a security audit in March according to Tihan - a proper audit should have revealed the Rackspace vulnerability. Another attack should have been expected. Even if the same attacker doesn't come back for a second bite at the cherry, once a vulnerability has been exploited other people will try to exploit that same vulnerability in respect of both the company which was originally attacked and similar businesses.
I'm just saying this from the point of view as someone who has read all the things said about this incident and not as defending them in any way, but if an audit had been performed at that time it wouldn't have caught a later security breach. The later breach was that of an insecure server containing the credentials to access an otherwise-secure mail server, which then cascaded into allowing access via a password reset into the control panel. The 2 Bitcoinica incidents had similar qualities, but were not the same hack.
It's kind of hard to audit the hosting provider's control panel from all angles, especially when you have no access to the backend of it. Obviously all this stuff should have been on a dedicated server stack a long time ago.