My clients store personal information like names, phone , addresses etc unencrypted on my bluehost account ( shared hosting ). This is all stored in mysql databases that are password protected.

How difficult would it be for a determined hacker to break into my account and view this information. I heard most hackers come in as root so I guess they can view the contents of anyone's directories , no?

The only way I've seen them get in is through old insecure PHP code. That's why Bluehost encourages everyone to keep all their php and Fantastico installations up to date as much as possible.