[lern_too_spel]

Your argument applies just as much to email, but it appears not to be a problem. Two reasons:

1. The legal protections and auditing are actually enough. 2. The companies hosting mail and code successfully have better security than most customers that would otherwise run those services in-house.

[raesene3]

on your second point, I'd be careful before making that assumption. Without evidence there's no reason to believe that a supplier company will have better security than your own and it's entirely possible they don't.

Also should a supplier suffer a breach they have powerful incentives not to disclose that breach to you, and where intellectual property is involved (e.g. code) the theft may well not become immediately apparent.

[sargun]

The provider has a specific set expertise that's probably better aligned with hosting this service. Since it's a revenue center for them, versus a cost center, they're better equipped to make the case to hire specialists.

The your second point - legalese is very beneficial for that. In the US at least, as long as it's not a protected (by FISA, etc..) organization breaking into your provider's systems, contract law covering compromises is a fairly well developed area.

[DanteVertigo]

I'll put the question as follows? Do we really need such a service? Come one! Come on!