My considerations about the security of virtual machines seem to be correct. The Register writes about a VMware Workstation exploit in VMware vuln exposes the perils of virtualization:
The exploit uses a specially crafted path name to access folders that are being shared between the host and virtual environments. VMware applications fail to validate the malicious parameters passed from the guest system to VMware's Shared Folders mechanism. The Shared Folders mechanism then hands off the bad data to the host system's file system, which allows the exploit complete access.
At the end virtualisation is based on software and software has bugs. Such exploits are inevitable. You have to consider this in your security policies. You can´t assume that a virtual server is as secure as a physical one. This is not a problem, you just have to take it into consideration.