The problem was, the malware was only visible when the referrer was "Google", so they claimed there was nothing wrong. For weeks.
Either way, when it came down to it, one of their other shared clients were compromised and their sandboxing was rather insufficient leading to most of the clients on that box having some sort of malware installed. I'm sure the person in question was targeted because it looked like a standard install and frankly, if I was targeting shared hosting providers, I'd create my malware to be easy to integrate with WordPress.
I hope that makes it more clear why I find it to be GoDaddy's fault. In the end of the day, they understood what was wrong, apologized and fixed it.
Even so, you never answered my original question. How'd you determine it was a sandboxing problem rather than your own WordPress installation being compromised? Seems even less so considering you didn't realize you had to update WordPress yourself.
