It's more than just those incidents though. It's about basic security practices. No security audits. Passwords stored in plain text. Major discrepancies in the story from what Linode says versus the hacker specifically around whether the private key was compromised and credit cards stolen.
And it's just a continued pattern of incompetence and cover up.