[jraph]

> And if you're that worried about it why not do full disc encryption on top of it all?

It does not necessarily solve the problem. The provider could steal the keys in memory when the disc is accessed. Anyway, hosting stuff at home does not fully solve the issue: you still have to trust your machine's firmware / hardware. So… HTTPS should never be used?

The only guarantee HTTPS gives is that the communication between the client and the server is encrypted, not that the server is not compromised. HTTPS does not worsen the situation. Nobody should use HTTPS for authentication, that's not what it is for (edit: well, except the bit about domain ownership, agreed)