The CPanel on my host only offers up to 4.6.3.
Is that the version you actually had installed? 4.6.3 was released August 14, 2005 (http://drupal.org/drupal-4.6.3) - if you installed your Drupal site BEFORE that time, then you were not running the latest security fixes, and it may still be possible that you're susceptible to an XML-RPC exploit. For now, a reasonable workaround is to:
* delete the xmlrpc.php file in your Drupal directory.
While this does nothing to prevent the bugs fixed in 4.6.4 and 4.6.5 of Drupal, it will specifically stop any XML-RPC vulnerabilities, at the expense of removing the ability to receive updates for blogging applications (per the blogapi.module).
If you have further concerns or questions regarding the security of your site in regards to Drupal, please contact security@drupal.org - the support list isn't the best place for this.