Like you say, everyone knows they can access your files. It's naive to assume that they won't. Of course you wouldn't expect them to be doing this on a large, detailed scale but I think we all assume they occasionally see someone's file. The laissez faire responses wouldn't be the demise of SaaS, we're just being realistic about things. Trust is absolutely paramount when using these services but I think you're focusing on the wrong thing. Trusting that they won't see the files isn't the thing to trust. You trust that you have a better chance of being struck by lightning than of having an employee or attacker read and/or share the contents of that file.