Boycott unless they fix it.
How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.
Bitcoin raises web hosting to a new level. Yes, there are juicy non-bitcoin targets out there such as credit cards and personal data. But there is nothing like bitcoin for a hacker thief. Once you steal them, you can wait to use them, something that does not work as well with credit cards. You can mix them, something you can not do with credit cards. You can even lay down false tracks by sending them to peoples public addresses.
Now you have 'data' that is pretty much worth a years (or more) salary for a typical sysadmin. An employee of a webhost can take it and if they know what they are doing, they can be much 'safer' then stealing credit card information. Right now the only crime is unauthorized access and data theft, not all of the other crimes that go along with credit card fraud that could involve massive jail time. I am not saying if caught they would not go to jail, but laws have not caught up to bitcoin.
I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000. The only way to do this is with encrypted disks that are setup or encrypted by the customer with no host access of any kind. No 'control panel" based hosting.
