There seem to be, potentially at least, some very serious security risks coming from the ability of Dreamhost customers to set up any domain they wish. People can cause trusted sites, including those of financial institutions, to redirect to their own site when accessed from a Dreamhost server (which would catch “back-end” stuff from DH customers like the above-referenced PayPal thing, as well as possibly the Web surfing of DH employees at work). In this case, it apparently just caused a “not-found” error, but somebody might get more devious and mimic the actual site’s interface, in an attempt to steal personal info. This could be scary.
I don’t know what DH could do about it, though; it would be a shame if they had to make it harder for legitimate users to set up domains. Doing something like checking whether the domain in question has DH’s servers set up in it already before allowing the setup would inconvenience people trying to transfer a domain from elsewhere in a smooth fashion without downtime, which requires setting it up at the destination host before changing the DNS servers.