Sounds fair. I know that each physical server they run probably costs upwards of $150 a month for hosting (colo rack). They deserve to make something for running a pool.
I think that they ALL need to add some 2 factor authentication though, google authenticator API is pretty easy to setup and just latch it to your payout wallet. BTC has a payout lock and thats why I use them. If your wallet address changes, you get an email and no payouts can be made for 24 hours. This gives you enough time to log back in or contact the pool before anything is taken.
If mtgox did the same thing (email prior to transaction with authorization link) then none of this other stuff would have happened.