It's inconceivable to me that after the Linode compromise they chose one of the cheapest shared hosting options with Rackspace and that they didn't regard redundancy and being able to shut down access to the server if it was compromised as critical. They made these choices after they'd performed a security audit which should have revealed that their servers were still vulnerable.
Just to make sure everyone has it straight - Bitcoinica was on the RS cloud long before the Consultancy came along. The Linode VPS was just an attempt to keep the hot wallet off the rackspace cluster to spread the risk around. Obviously we saw how that failed.
I'm sure that excuses them from not tightening up their security at Rackspace after the Linode hack. They performed a security audit in March according to Tihan - a proper audit should have revealed the Rackspace vulnerability. Another attack should have been
expected. Even if the same attacker doesn't come back for a second bite at the cherry, once a vulnerability has been exploited other people will try to exploit that same vulnerability in respect of both the company which was originally attacked and similar businesses.