Has anyone ever heard of this happening?

I recently logged into myqladmin interface to find a database called 'test' which was populated with what appeared to be real data from a company and I had complete access to it. I emailed the hosting company and they said that was standard procedure to create a database called "test" which is globaly viewable / downloadable / possibly modifiable(although I didn't try) by all clients with a database. Then went on to say it was the companies fault for not deleting it after they were done with it. To me this does not seem like standard operating procedure.

MySQL does install a "test" database by default on installation. It should only be used for what the name implies ("test"ing). Whoever is using it to store data is at fault.

I have never seen anything like that before. Why would you even allow that to occur in the first place. This is a small hosting company so the risk is small but I don't see how this is practical at larger companies. Would it not be easy to restrict permissions to the database so that people cannot do this?

Each user (or the hosting company) should create a database for themselves (or each user) that has limited permissions. As I said, the "test" database is for testing. It allows you to test anything from SQL statements (on false data you may put there) to your PHP connection strings. Just don't use it and you have nothing to worry about.