* Stability. Make your servers built to last, come what may they won't vanish overnight or crash at 2AM and stay that way until noon three days a week.
* Performance. Doesn't have to be a super hot rod, in fact it's better not to because performance-modded builds often lack stability found in more conservative arrangements. But it should run light and quick, keeping up with customer demand with capacity to spare.
* Reliability. Stuff happens. A good host will own up to their mistakes and make good on them, even if it means catering to a few upset customers after recovering from an outage. Won't always make everyone happy, but if you can keep most of your customers satisfied they'll keep coming back for more. Just have plans in place for handling situations so that if something breaks you rebound quickly and decisively.
*Support. This is vital, in fact one of the turn-offs to a customer is if they need help and can't get it. More often than not they will ask somebody else for help, and be referred to another host. And I know quite a few people guilty of this, having seen it quite a few times just in a year of hosting and several years of being a free host user myself.
*Realistic. While Unlimited Everything looks great on paper, it is impossible to actually provide that. Even if you were the proud owner of a Google Super-cluster, your resources would still be finite and so should your plans with those resources. Not only that, but realistic hosting plans will deter would-be abusers because they won't have the resources to abuse to such extents.
And they are more profitable to a host- reducing abuse and increasing regular traffic to legitimate sites.
*Security. Modify the php.ini to disable commonly abused functions, with manual inspection of site and source code before re-enabling a disabled feature when a customer requests it. For instance disabling all forms of sockets, mail, and remote PHP includes will prevent the generation of spam email. You then tell your customers that if they are installing content that requires such a feature- such as a forum that uses notification emails, they can submit a support ticket to have php mail enabled for their site. Other security measures are a good idea as well, as some site content types attract so-called script kiddies and other types of negative attention that focuses on flooding or compromising the server.