The problem I have with this is the same problem we have with small healthcare providers.  Why is confidential information safe on equipment that is typically not well protected inside an office with old locks, versus storing that information on remote servers that have many security policies and mechanisms in place?

While data that exists on a local device that you can see may give you a warm, fuzzy feeling, the reality is that data can much more easily walk out the door to your office than it can if it’s stored on a public cloud service.  If lawyers are, indeed, dealing with risk, perhaps they just need to understand the technical case law here before they render a verdict that cloud computing is less secure.