They appear to be skipping the OS's bootloader and instead starting the VPS off of an external kernel image. The only problem is that their kernel versions are way out of date which can be a security issue.
I'm wondering if there is any technical reason why you would want to limit the kernel a customer ran?
Relevant:
- https://www.digitalocean.com/community/questions/do-you-update-kernels-sometimes
- http://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2814988-give-option-to-use-the-droplet-s-own-bootloader-