my previous host had the same problem...all of their users index.html files were hacked and wiped out...how does this happen?
I assume the hacker manages to login to one of the servers hostony has and starts editing the files...is it just a matter of getting a login/password or some sort of backdoor hole?

Is this current problem with the Linux boxes or the Windows?

I figure hostony customers have no control over stuff like this happening, correct?

My previous hosting company forgot to shut down apache while upgrading PHP. Many sources were downloaded. So, they have cleared logs and told me, that "somebody has hacked into my account and installed (FTP only, no SSH at that moment) illegal IRC stuff, that's why .php files has been downloaded instead of executed"

Sometimes on shared hosting, if you know the account name, it is possible to read/write files in other accounts. For example, create a script, which reads well known open source product config file and prints configuration data.
Of course, good server admin can fix permissions.

And the last thing, I am developer of web applications and from my experience I can say that this can cause many troubles, because many people use the same passwords for database/ftp/mail etc. That's why I don't like cpanel system. The user is forced to use the same password for FTP/SSH and Cpanel. (Buy a notebook to keep your passwords. Never use the same password on the Internet.)