As one of the people here who deals with this type of issue on a frequent basis, I’d be willing to bet $10 that your site was compromised via an insecure PHP (or Perl) script.
I’d leave the support ticket open so that we can check things out and make sure they don’t have processes running as your user, but in the meantime, I’d check out the kbase article on snapshots and restore your site contents (if you haven’t already).
I’d then check any/all third-party software on your site and make sure you’re running an up-to-date version of it. We’ve made announcements about a lot of holes in common software, and there’s plenty of other stuff that we haven’t announced.
Gallery (and the Gallery modules for phpNuke and other CMS systems), TWiki, AWStats, phpBB, and others have all had high-profile and widely exploited vulnerabilities recently.
It seems unlikely to me that the server itself was compromised.