It seems like Quip, the document service, should be a much bigger concern:
Based on their security practices document, they seem to store documents unencrypted on their servers. It's encrypted in transit, sure, but not in storage? I was shocked when I found out.