Almost everyone running a 'real' web service puts in place limits to prevent this kind of abuse or isolate their customers from it. Gone are the days of running eggdrops from $1/month php hosters and hosting warez on Geocities. And most of the time these providers have an abuse reporting system with forms that allows for efficient review and process of complaints.

The combination of 'unlimited' access of a shell along with the shared nature of the host causes shells to be targets of more nefarious activity. Due to the personal nature of the account, people often host more personal information on a shell. So when it comes time to fork over account access, people are at more risk than just a web site host.

I understand the nostalgia of having a place for shared accounts. I have friends who host shells for their friends; a throwback to the days where it cost real money to colo a dual pentium machine with a SCSI RAID array on a 10mbit connection. But the world isn't a safe place anymore, and the feds don't just ignore cybercrime like they used to. They could probably trump up a charge of 'accomplice' just for having an account on a box that had some crime associated with it. I feel much better paying a few bucks a year for my own VPS.