What if you are developing new technology as opposed to running software as a service?

Internally, within an organization and site, you have (some) control over access to servers, data and code.

"Using someone's else computers," cloud or otherwise, opens up access to the service provider's staff, government, TLA's and vulnerabilities of the human variety.

I work on open source code and otherwise have few concerns about previously published applications. Where creating new tech comes into play, I would make use of ring protection and not even hook up to the internet.

You can still put encrypted backups and the like on the cloud. Yes... I think a heightened perpetual state of paranoia as a matter of professional principle serves well. Physical access is key issue.