I submitted a ticket to Hostgator to warn them about a potential security risk but your guys can perhaps look into it too.
In short it seems that a Cpanel server can gain access to the root dns zone of another server via clustering with just a reseller access key on the remote machine, and potentially also a plain hosting account access key.
I openend a reseller account at Hostgator to act as backup for DNS and email of my own server. Discover that at least the email backup would not be possible so "played around" to configure things.
On my dedicated server, I added the reseller account at Hostgator as cluster server. WHM says it failed because it must be setup on the remote machine too. (Cannot do it because even resellers cannot create clusters)
The cluster was however actually created and got ALL the dns entries from the remote server.
That is not what I want so I delete the dns entry on MY machine, to get a message that the entry was deleted on my machine and hostgators machine.
I am not sure whether this entry was actually deleted at the remote machine but anyway immediately contacted Hostgator to inform them about this.
Just let you know because it is perhaps a good idea to look into this?