I'm far from an expert on these things, but Unix and the concept of multi-user computing has been around much, much longer than HTTP. Shared servers run Debian, a Linux distribution, which is a Unix clone/flavour (without getting into the politics of what exactly Unix is)... The point is that permissions, sharing files and folders, restricting access, etc, were figured out a long, long time ago and have been constantly honed and revised since then. Most exploits, should the occur, on shared systems involve gaining elevated privileges, not finding loopholes in permissions.
HTTP, PHP, and the whole idea of web-based apps is still in its infancy and the process of cutting their teeth is exceptionally painful because of how popular these technologies have become to access sensitive data without full forethought and testing. If such bugs were discovered in *nix systems in the 80s, it would not have been a big deal because you'd had to have been on the inside anyway to exploit it. Now everyone, literally all 7+ billion people, can have a go at picking the locks on a web app, often with very tempting data behind the door.
While it's certainly possible that someone could find an exploit in the OS, I'd wager that the chances are about 10,000x greater that any problems people are having are due to the vulnerabilities found in the public-facing doors to their accounts (their website) rather than the backdoors (the OS of the servers).