Ahem. There have been multiple exploits for heroku, some of which enabled access to code and data of other heroku customers (google for "heroku vulnerability").
From what I read about their virtualization (which may not be up-to-date) they seem to rely on the security of chroot(). If that is still the case then there is a big problem in their future.
chroot has not been designed as a security feature but as a system testing tool. you only need a local root exploit to get out of chroot. you need additional protection to have a proper jail; freebsd does this, openbsd used to, not sure how it is now.
From what I read about their virtualization (which may not be up-to-date) they seem to rely on the security of chroot(). If that is still the case then there is a big problem in their future.