I agree with the other commenters that overprovisioning (or underprovisioning) is a concern with the cloud, but the public cloud has long been more secure than on-prem data centers [1], [2], [3].
As for the cost, Reserved Instances can dramatically reduce your spend, with the caveat that you can get locked in 1 or 3 years. My company, Usage.AI, built a platform to solve this problem by automatically buying and selling Reserved Instances to get the price and flexibility benefits in one [4].