[haakon]

I really hate that this new model requires trust, whereas the old one did not. Even if I trust Mozilla not to peek, I have to accept that all my data, including all my passwords, now become subpoenable.

I get that the old model is too complicated for most people, but I really like it and am able to handle it just fine. I don't want to trust the NSA, damnit.

[ordinary]

This is incorrect. Both in the new scheme and the old, sensitive data is encrypted. In the old scheme, this key was randomly generated, while in the new, it is derived from a password. Either way, you do not need to trust Mozilla.

The main security concern (as far as I can tell, and I'm far from an expert) seems to be that the KDF used in the new protocol is not as strong as the one used in the current Sync protocol.

You should read the link posted in the post you replied to, especially the security analysis. It is quite readable and might allay some of your fears.