exactly, same in this case. I expect Rackspace should ask pandaform to investigate the case and shutdown the phishing site. I won't expect the whole pandaform would be taken down.
Also pandaform doesn't allow use to put any script or password field in the form, which the quality of the "phishing" form is not as serious as what we thought as a normal phishing site do.
In the case of Heroku, I'd expect them to be able to shut the phishing site down within the 40 minute period Rackspace apparently gave Pandaforms before shutting the whole service down themselves.
I'm sure if Pandaforms had done this (which is difficult when you're a much smaller startup than Heroku) then their server would have been left untouched.
You can argue that Heroku would have most likely got a phone call and that Pandaforms deserve the same treatment, but I don't think that they'd have been allowed to leave phishing sites up for any period of time without their servers being placed in jeopardy either.
Also pandaform doesn't allow use to put any script or password field in the form, which the quality of the "phishing" form is not as serious as what we thought as a normal phishing site do.