But this could be as problem if there is no root access.

Shells can also be used to gain root access to the site.

Those restrictions (which are still enforced even when you have root access) significantly enhance security.

Each customer has root access on what appears to be their own system, while in reality one physical computer is shared between many people.

For example, you could remove pre-installed applications with root access.

Are the apps more likely to use root access when they shouldn't?

The users may have root access to their own virtual space.

What would they do with root access to a device?

It's quite a bit more expensive than shared hosting, and you don't gain root access.

No, they cannot be expected to know that their wallpaper program asking for root access is unusual.