[bmcahren]

Many reasons:

I know people who work there. I've read the infrastructure designs. I know Amazon audits themselves. I know AWS has third party audits. I know AWS has government and enterprise users who require their partners be legally liable for improper implementation. I do not subscribe to conspiracy.

[attentive]

The same is true for other points one through six, if you choose to trust aws. But somehow "It's incredibly naïve to not use encryption at rest on AWS".