Hmm. They email your initial root password in cleartext, rather than either letting me choose it or displaying it on the site, both of which would be over SSL.
You should probably make it clear during server creation that if you have added SSH keys on the web site, they will be injected into ~root/authorized_keys in the image, if that's what you do. Linode, for example, lets you add SSH keys on their web site, but that's only to access your VM's console.
