Re: "Security will have kept up with the hackers"
It always blows my mind when people assume that they have better security protocols/procedures/technology than a cloud provider.
On the other hand, the aggregation of so much juicy data makes them a prime target for not only hacking but also leveraged subversion. As it's outside, you have no idea what they are doing unless you throw an audit at them and that too requires some pretty competent people to do it right. In my experience, larger consultancies tend to be worse than specialised shops for this, but you'd have to convince the executive gremlins to choose skills over a big name because they're more interested in big names to point at when it goes wrong, ignoring the fact that in doing so they have caused to conditions for that to become a certainty.
If it works for you and you're willing to accept the risks, fine. Just don't come and whinge when it all goes wrong, because I will just point you at a big poster we made for the IT room which has just 4 words on it:
I told you so.