I'm so/so on this. It depends on how they were actually hacked, but if it was over something stupid like insecure passwords/etc then yes they should be removed from the list.
It can happen, I agree, but take a look at any of the big hosts out there, and tell me how many times entire servers or entire banks of servers have been hacked, and said data deleted. When is the last time that happened to Hostgator, or Bluehost, or GoDaddy, etc.? And those huge hosts are most likely under constant attack, just due to their sheer size and reputation.
The only saving grace for these folks is that apparently the only servers that were hacked are their free servers. But since they also run a paid hosting service, it's kinda scary that the same techs who couldn't secure the free servers are running the paid servers as well. Personally, if I was with Crosswinds, I'd be looking for a new host real fast.