Recently we've had several attempts to access our ftp account from an outside source, (we've since locked the account).
I was wandering if we use hosted webmail, such a open xchange, horde or atmail would our email db's be venerable / accessable if someone was able to get onto our server, via ftp or otherwise ?
Correct me if im wrong but the hosted webmail services ive listed above are normal lamp (or similar) web apps ?
Unless something is spectacularly amiss with your host's server setup, no FTP user should get access to the MySQL database in any manner, the files themselves being (usually) in a core system location.
They may, however, wipe out your sites files. Take backups regularly (you should do this anyway), close or lock accounts you don't use right now (you should do this anyway), and secure all open accounts with strong passwords, or better, SSH rsa keys (...you get the point).