The only linux server I saw that had been rooted was one where the lazy software developer that ended up looking after it decided to give every email user a full shell, let users have three letter passwords, let it be accessed by ssh from anywhere, put a compiler on it and fucked up the permissions of config files ("chmod a+rwx /etc/*") so that he didn't have to switch to root or sudo to edit them. Luckily about the first thing the script kiddies did with it was portscanned another machine that was under adult supervision, so it was found before becoming a spambot.
So that's what on earth people can do to get their machines rooted - be idiots five times over.
On the MS side there was the patch that made MS Exchange an open mail relay by default, so you only had to be an idiot once over in that case, and unfortunately the contractor was that.
With systemd I'm starting to think that being an idiot once over will be enough as well.