Yeah WHMCS was a little late with their emails. They had a posting on twitter and it was nearly 10 hours later that I received the email saying that there was an exploit. Always good to follow them on twitter!
As for them becoming a regular target - that's what happens when you're good. They've had their issues in the past, but it's still one of the best web hosting billing/support system out there.
I'll also second the statement from rds100 about removing modules - this should be true in any software package. People like to include various modules in software packages, but really, just remove anything you're not using, and if it's hard coded into a system, remove the code for faster speeds.