It’s been many years since I’ve actually deployed WHM/cpanel to see how secure it actually is and if its still vulnerable to symlink attack with out having cagefs, cloudlinx, imunify. I wonder how WHM/Cpanel would actually hold up? I know most of the hosting business today would have either one of those plugins on there servers for some sort security.
I believe it was whm/cpanel mostly had this problem but I think by now they should have patched that loophole or made it default to protect against that which I’d hope since they raised the prices on it. That was the number one reason I’d avoid storing any such business or personal information on such cheap shared hosting site.