Webmin 0.970 has recently come out, and there is a message on the webmin site that versions prior to that should be upgraded to eliminate a security hole. I assume that now there are no "holes".
As far as Webmin security in general, there are threethings that come to mind:
1. Since authentication is based on username/password, strong passwords should be chosen, and the username should NOT be left as root or admin.
2. Encryption should be used whenever possible. See the Webmin site for instructions on installing the required components if your installation is not already accessed using https://
3. Webmin users can be restricted from running particular modules. Also modules can be removed. Consider limiting access to modules that will never or rarely be used, but that can be used to cause big trouble, like Disk Partitions.

Personally, I think your ISP is either biased against Linux, or extremely jumpy when it comes to security.

John Kozura IV MCP