I have a couple of sites on Dreamhost and malware scripts are inserted in our many PHP scripts (i.e: Wordpress) very often. I am thinking in moving our sites to specialized places. For example, move our blogs to wordpress.com, where I assume they pay more attention to security.
I don't see the cost/benefit of putting human resources working on this.