Hosts are concerned with the security of their infrastructure, not with your website.
This is a distinction that most website owners fail to make, and it’s made more evident to me every day. This same misunderstanding however puts hosts in a precarious situation where clients expect security, and to some extent get it, but on the other it’s not the type that matters nor will it address today’s challenges. This is all compounded by the economics that drives the hosting ecosystem.
I should probably clarify however that this is probably not a blanket statement for hosts. But for a majority of today’s Shared hosts that deal specifically with end-user websites, it’s very much the case.