in some circumstances, yes, but in others, no. We use Workday, multi-tenant, SaaS. Because they have have a single line of code, they been able to deliver new features regularly, several times a year. The fact that they have a single code-base must make it significantly easier to develop, test and deploy than either single tenant SaaS or in-house systems. Their security is good and regularly audited by third parties.
I agree, cloudy stuff can be done badly, thereby introducing extra vulnerabilities, however, if done well ( http://diginomica.com/2013/09/06/workday-cloud/#.Vgl_JflVhBc ) the benefits, to both vendor and customer are significant.
We had an outage a couple of years ago. Failover to the backup site took four hours and we didn't lose any data - I thought that was impressive as we run HR, Benefits, Payroll, and all financials for multiple companies. Been using it for 4+ years now and consider it to have been a very positive experience.