Most people seem to be missing the point of these recent hacks. It is not important that the tool was Magecart, the language was JavaScript and the infected code was imported from a third party.
The server was compromised. The bad guys either exploited some as yet undisclosed weakness elsewhere on the server or did an inside job.