I set up my account a week or two ago. It was totally fresh, apart from a single index.html file containing the text "hello world." No php stuff. Chmod is 644.
It was hacked, I deleted it, it was hacked again yesterday. Hopefully the vulnerability won't be too difficult to track down.