It's your BOFH vs. their BOFH...
This has happened several time in the past with web server farms hosting multiple clients, and, indeed, is an issue that has been around since the days of time share and mainframes. A problem with a "core" application or service impacts all services that use the "core" will ALWAYS be a shared vulnerability.
The impact of these types of flaws has to be weighed against the cost and benefit of using the shared resource in the first place. While a larger number of clients WILL be affected by a problem on the common server platforms, the cost of mitigation and the impact of any loss of service and outage will, in all likelihood, be lower than a similar issue impacting stand-alone servers - simply because while ALL clients on a server may share the impact, remediation needs to be done once. And the discovery of a problem will likely be quicker, due to the number of clients that may report a problem vs. the total number of clients, some of which will NOT notice the failure.
To use a recent example: if Conficker hit one of these "cloud" systems, all the clients would be affected by it. However, remediation would also occur to all clients at the same time - including those that, with a stand-alone server, would NOT apply the fix in a timely manner.
No matter HOW or WHERE you host services, there is a probability that you will suffer an outage, that the outage WILL negatively impact business, and that repair will take time to implement. It's up to YOU to decide if you trust the service provider to adequately support you during an interruption, or if you trust your own IT apes to get it fixed or prevented any better.
So, as I see it, it's six-to-five-and-you-pick-'em.