in reply to You do know you can't rely on Gmail, right? [1]
You're citing some of the reasons why I dislike SaaS, but there's one more:
Whenever I use a SaaS application, I trust someone whom I really can't reach, and I trust him without being able to exert any kind of control.
He wants to use my data for marketing purposes? No problem - I won't ever find out, since I can't check the physical disks last accessed flag. So what about that being illegal? If I can't find out about it, why should he care? I won't ever be able to sue him.
Sure, most people are nice and law-abiding, but I prefer not to rely on everyone being honest who has access to my data on some remote server.
Sure, I can use encryption for the data I upload, but any data generated on the server will be open for the admin - regardless of the security scheme on the server, because the admin could just fake that.
So it's always back to trusting people, and I prefer not to trust others too far (nor to little).
So your company keeps its company secrets in gmail accounts? How long will it take for Google to find it, if they chance to become a competitor in the field?
If you use gmail without GnuPG encryption [2], you can just as well give your data directly to Google.
And the same holds true for every other SaaS solution. You can't ever trust the remote server.
It also holds true for all unfree software, by the way. You can't look inside it (or get someone else to do that), so you can't know what it does. Do you really dare to trust it?
Links:
[1] http://blogs.computerworld.com/you_do_know_you_cant_rely_on_gmail_right
[2] http://gnupg.org