I've seen a customer try and fail when their customers got epically hacked!
Whether that was due to the panel being insecure or the OS not being patched by the customer (on a VPS), I don't know, but they seemed happy to shell out the extra for a commercial panel after that.
I think when the panel control software installed by the OS, rather than the panel having its own software compiled specifically for the panel, I think you are on a hiding to nothing as the panel is unable to secure "wildcard" software.