We were having some debates internally here a few months back over when you could call something secure. Is it ok to call something secure, for instance, if it lacks encryption?
My answer to this is actually a (qualified) yes.
Having server side encryption is great and ultimately is a very important check-box feature but I would argue it is ultimately the control you have over your data that is more important to its security.
What we do at ownCloud is give customers as much openness and control as possible over their data through integration with their monitoring, firewall policies as well as their own storage (or even third-party storage they choose).
Availability as security — If you own your data it can’t be lost because someone is shutting the cloud service down, or if AWS/Dropbox goes down.
Integration as security — ownCloud can be integrated in existing firewalls and auditing tools.
Openness as security — ownCloud can run on top of encrypted file systems to have full encryption. It is open source so you or someone else
can review the code and make sure that no backdoors exist.
Control as security — ownCloud runs in an environment you control. So you can be sure that the most secure server environment is used. You can use a hardened and certified infrastructure.
Firewall as security — It can be used completely internally in an organization behind a strong firewall or in an intranet.
As I said, encryption is (ultimately) a very important checkbox feature, but all the encryption in the world wont make you secure without control.