Nope, your phone could be rooted by nice looking app which is in fact the chinese hackers' malware sneaked into Play Market / App Store e.g. http://www.ibtimes.co.uk/chinese-hac...s-risk-1520592 so it's kinda critical too.
BUT at the same time you could root your own phone if you need it and if the phone manufacturer prevents you from getting root access. So I find this vulnerability as somewhat good for the handhelds power users.

And concerning the servers - it is a total disaster. You do not need the shell access to own your hosting provider's server - you just need exec/system/etc function enabled in PHP configuration and even if such functions are disabled there are plenty of other ways to run shell code where the simplest is - running a cron job from the control panel.