My questions is just whether I am paranoid enough.
If you were, you probably would have gone on a rant concerning the phrase "mission-critical cloud services". Ceding the responsibility and control of the bits of your company that must absolutely work in order for the company to go on seems insufficiently paranoid to me. I get there are business reasons and things that can be done to mitigate risk, continue operations, et cetera, but besides the issue of whose to blame when things inevitably go in the crapper is the fact that cloud security is still an area that is relatively immature. Want to use them as a COOP solution? Makes sense. Can they allow rapid scaling of existing resources? Sure. Would a truly paranoid security person recommend you put all of your eggs in that particular basket? Only if you want omelettes.