Uhhhh, there's no real info there (ie. the guy gave you nothing useful for someone to figure out how he got in), so I doubt it's purely DH's fault.
What were you running on the sites that were defaced? Joomla?
Unless it's due to the latest PHP 5.2.1 holes, which should be patched soon with 5.2.2 (which DH is currently working to upgrade, or has already).
Chips N Cheese - Custom PHP installs and the like!