Great question. Frankly you shouldn't, and your developers should do it for you. While we'll be offering a service to enable this type of obfuscation via REST APIs (where we don't store or write any of your data to disk) we'll also be releasing some of these techniques as open source packages so your devs can kick the tires themselves without shipping data into someoneelse's service.
the same reason you trust external companies to do all sorts of other stuff for you: specialization. in the average case, they can probably do it better than your developers because it's their primary business.
Sure, but we are talking about a twofold trust problem here. Trust in an entity (external company vs internal developer) and trust in the work itself.
While I do see your point about trusting an external company which is specialized in the problem I’m trying to solve more than my own developers, I still have to transfer my highly sensitive data to them for which I have to trust them even more.