php source code is downloaded and not parsed by server

Hi everyone. We recently setup a new VPS ( CentOS ) virtual server, and are now in the process of transferring accounts. Today we stumbled upon something that worries me.

When surfing to a recently moved account, we did not get to see a nice web-page, but the browser started downloading a file, called "download", without extension. When opened in notepad, the file contained the source php code of the index.php file. The server handled the php file as if it were just a file.

We could reproduce this behavior when we moved accounts that had the option "The PHP file extention will be processed by ... " set to PHP5 in the Php Configuration. On the new VPS, we could not set this option. Only after changing the option to "System default" on the old server and then transferring the account again, the php files were parsed and the website showed.

Old server (shared hosting - cPannel 11.28.52
New server ( VPS - WHM 11.28.87 / CentOS 5.6 )

I'm not sure if this is "by design" or what config files we could have edited to cure the account. Re-transferring it after setting the option at the source did work for us. But my questions are:

Is this a security hole? Can this be fixed without doing the transfer again.

thanks