I've been using spideroak and encryptr for a while and I'm assuming the data stored by them up until now is secure given that it was a zero knowledge service. Any opinions on this?
Unless you manually manage your keys, it's only zero knowledge if you never log into their website or use their Android app, either of which gets your key onto their servers.
Give that it looks like the canary just did its job, it would be prudent to assume SpiderOak is now compromised in some way. Therefore, it's probably safer to assume that all data stored on it up to this point is also somehow compromised too.
That would depend on whether you trust that they are zero-knowledge. It is certainly possible to build a client that works like that, but their client wasn't open source, so there is no way to confirm this.
However, if you trust them on the canary, why distrust them on the claim their service was zero-knowledge. It might make sense if they are 'amoral enough' to lie about being zero-knowledge, but 'moral enough' to admit to being served a warrant. I think space for that level of morality exists, but is small. The other issue would be if they weren't zero-knowledge through an unintended bug.