Shared hosting is secure, however there is significant difference between hosting security and script security.
You can be hosted an a server that is impossble to hack into, however if you run a buggy script and it is exploited - it has nothing to do with the server.
Only your account will be exploited - script injections, iframe injections, base64 oriented attacks, site defaced or simply your .htaccess changed to redirect all visitors to a exploted website on some other host.
Same thing can happen on your VPS/dedicated server.
I would suggest that you choose the most safe options, search for hosts that offer suPHP where you can have more secure permissions than Joomla's (famous) 777 directories.
Or if you will have your own server, configure it to run PHP trough suPHP or fCGI (mostly performance based, some say suPHP is faster others say fcgi PHP is faster) . The basics are the sae - PHP scripts are run trough the accounts user, not the Apache use (nobody [cPanel], www-data [debian] users).
With suPHP most secure file permissions are 444 (read-read-read).
If you need a conifg script to be read-write - set it 644 and afterwords change it to 444.
Directories are a standard of 755 permissions.
Hope this cleared it a bit
