The hosting provider and the respective website owners are responsible for their own environments IMO.
When you were giving access to the shared host the first time, the directory permissions should have been set appropriately to avoid this as well as to inhibit cross-site infections.