I just noticed that you can log into any FTP and cpanel account on the server by using the root password. Is this how it is supposed to be?
I would change the root pass immediatly if I were you, FTP is sending your pass in plain text (unleas you are using SFTP)
It's like if someone is after your root password they can use different tools to catch your password = your server gets compromised. search for SFTP if you realy need to use root password when using FTP
Anytime root password is sent over an insecure connection, you have the risk of hackers getting it. Root password is supposed to allow you into any users cpanel or ftp. It allows you to access anyones site without needing to know their password, but, as already said, use a secureftp program before logging into anyones account with root password.
If you log in to a clients cpanel with root password through port 2082 it will show your IP. Through port 2083 it will show localhost. I would never use root password without a secure connection (2083).