Because it is an extremely high-value target that has proven capable of defending itself from numerous sophisticated attacks, and it has a vested interest in keeping its users and customers secure as well.
Is anyone actually taking this serious? As if all other countries are any better.
Uh, German data protection laws, yadda yadda - they didn't stop the police from raiding several activist non profit organizations a couple of months ago, with no repercussions.
The "US jurisdiction"-line is just tiresome and weak. Show me the country that guards user data that isn't part of 5 eyes and where attempts of the state to gain access to said data is actually penalized.