I have an RPi colocated with one of the providers which offer this service. Just a few days ago they emailed me saying that my RPi has been hijacking tens of IP addresses and attempting man in the middle attacks. They have logs showing my MAC. But my RPi had a stock Debian, with Nginx (no scripts), certificate-only SSH and nothing else. I am not saying that it could not have been hacked, but it was more secure than an average VPS. The only known "security risk" was that I enabled IP forwarding in the kernel, I was planning to setup a VPN server.
Then I googled the problem and I found that it's really easy to spoof the ethernet MAC on an RPi. Some older versions of the Linux kernel even have a bug which causes a new MAC to be generated on every reboot. Once the MAC is spoofed it will be very hard (if not impossible) to ensure the RPi is using the IP address you provisioned or to link any malicious activity to a particular Pi.
What I am trying to say with this is that if you are planning to offer RPi colocation you should pay extra attention to the security aspect. There is more risk involved than offering VPS. Thankfully my provider is very professional and I am hopping that the problem will be solved.