Since I run a big hosting company and I've been tinkering with roundcube, I noticed that you can actually access all the email accounts from other hosting accounts of a single server running on the same IP.
It can be positive as I can ask clients to access their email on a single roundcube install, therefore they dont need to go into their own cpanel or access their own horde or squirel.
It can be negative as one vulnerability can affect others not only from my own reseller account clients but from the whole server.
And I am still worried of the unresolved security issue I read somewhere. Has this been fixed?