Well, yeah... that actually is what I am saying, if you are talking about "customers" as "other users" functioning as sub-users of your main account. Is this ideal? Probably not, but then again, DH is not particularly well suited for "reselling" in that sense anyway, and doesn't pretend to be (not with the obvious limitations of the custom control panel for re-branding, poor user account segregation of database hosts, etc.).
The ability to host multiple domains under an account and have separate machine users allows you to do this, but it is not without risk... a risk that you take on if you choose to do so. You can choose to require your "customers" to have their own accounts, and doing so would make this whole point moot. If you choose not to do it that way, then you assume certain risks, and sometimes it doesn't work out.
I can see how that might seem to be the case if you are treating your own account as an ISP; the fact is that such accounts on a shared server (notwithstanding the huge quotas of disk and bandwidth) are not what Dreamhost is providing. There are lots of legitimate uses for multiple machine users in your account, but the TOS is very clear that you are responsible for them all. Those Terms of Service apply to you, as proxy for another to whom you grant access as a user.
To argue otherwise is an attempt to rewrite the TOS, which we all agreed to when we signed up. Again, the solution for avoiding such personal responsibility is for those other users to have their own account, where they will have the responsibility to comply with the DH TOS (and which much more accurately describes the situation you are describing).
I think seiler and mousee already addressed the problem with that approach very well, and I agree with him. Do you really think that DH intends to provide the infrastructure and support for you to resell in that segregated a sense for what they charge? The management of that would be a total disaster. I think it is great that they allow you to host unlimited domains and have many users; I don't see that as an invitation to, or a method by which you can, absolve yourself of responsibility for what happens under your account.
I'd expect that in such a situation DH would likely close down all those sites, and leave them down until each site fixed the problem. It would be very easy to tell what had occurred, and no, I don't think that DH would consider that to be "the customer's fault" (particularly if they were using a one-click installed WordPress).
As described, the original poster's situation is something different; he had a rogue user run amok under his account - he allowed the user and, therefore, the activity. Had that user had his own account, it would only be him for it (and DH would have had some additional revenue to compensate for having to deal with his activity). As it was, all Dreamhost got out of the deal was the grief and aggravation.
I'm also impressed by the fact that the original poster seems to have no concern whatsoever that his resources were used in this manner, only frustration that he is inconvenienced by the enforcement action. That is the main reason I am having a hard time feeling much sympathy for his situation. If it were me, while I would try to lobby for a second chance, I'd be mortified that this had happened, and deeply concerned that my account had been so misused.
Absent that recognition of the severity of the problem, and my responsibility for it (this might not have happened had I not given the phisher the user account - or at least it wouldn't have happened on my dime), I wouldn't expect DH to be anxious to reinstate my account. Maybe the original poster does feel that way, and just hasn't indicated it here, but his posts seem to indicate he feels he is the injured party and should not be held responsible.