[rst]

Awkward time to bring up iCloud as a potential SPOF for users' security. Apart from technical flaws in the service (and any cloud service is likely to have one eventually), cryptographer Matt Green (on his twitter feed) has pointed out that Apple chose some poor defaults, particularly the use of peoples' phone password as default for cloud storage. Quoth Matt, "Of course people pick terrible iCloud passwords. You can't enter a good password 50x per week on a mobile device. You'll go carpal." (In subsequent tweets, he acknowledges that password caching would help with this, but says he had to turn it off after his kids ran up a $200 bill.)

Of course, it's not clear that password brute-forcing was what led to the recent leaks of celebrity nude selfies, and not even complely clear that they came from iCloud (though a lot of clues point that way). But regardless, they do illustrate the risks of relying on cloud storage generally, regardless of who provides it.