ISPConfig, unless they've changed it, is a very dangerous control panel. ISPConfig3, at least, runs the control panel as a vhost on the same Apache instance as the users, which is Very Bad. I actually wrote an article a few years ago that roasted it pretty hard. Try Virtualmin for a more robust, secure control panel.
The problem is that the server can be configured from userspace. There's even a (horribly outdated) WordPress plugin for setting up email address from within WordPress. Super insecure, no matter how much SSL you throw at it.
I'm sorry, but I don't really follow. This tool, like many others, was created for exactly this purpose: to configure the server from userspace. The ISPconfig web interface doesn't write directly to the server. It creates a series of tasks that are executed in the background by another process with different privileges (and you are limited to a list of predefined tasks, you cannot do an "rm -rF /"). So... I don't think it's possible to run arbitrary code through the ISPConfig web interface, because it runs with the limited privileges of a PHP FPM process that writes a task to the database queue, which is later read and executed by another process.
The main problem for me is when the web server (Apache or Ngnix) fails to start or restart for some reason. In this case you are cut off from the ISPconfig interface and forced to fix things by hand.
