Dan Goodin over at Ars Technica has a nice article with an example of one of the privacy risks of using virtual hosting (such as Amazon EC2 and other cloud computing services.) This particular scenario allowed attackers to recover GPG keys from other virtual machines that happened to be running on the same physical machine. It’s likely possible to recover SSH keys in a similar way.
Since a few customers have asked, SpiderOak owns and operates all of its own physical hardware. None of it is virtual hosting with other organizations.