Right, in most cases though those holes are easily plugged. When switching over to CF don't use an IP that was ever public-facing for your site, use distributed systems like Amazon SES for sending email, etc. I imagine the things you mentioned do go overlooked by some when fighting off an attack, though.
