Re: S3 bucket default is *private* to that account
The big cloud vendors like AWS don't "declare themselves secure", they publish and are regularly audited on the security of their areas of responsibility, by dozens of regulatory bodies worldwide.
Cloud security *configuration* is much easier than on-prem, its easier to set a policy on an AWS VPC Security Group, or an Azure Vnet NSG than for instance on a checkpoint firewall, I know. I've done all 3.
Security *design* is just as important in cloud or legacy environments.
A good idiot can stuff up either, but given equal competence Cloud is more secure, because the cloud providers can build a better, more secure data centre than you can.