“In the very unlikely event of a security incident, we’d be in more peril of someone duplicating our application and attempting to resell it than you losing your data or someone stealing your identity.”

Eeeee… wrong answer!! Totally!!!

Well, the service seems very solid otherwise so maybe it’s just a case of not well thought out PR.

Security is a very complex subject..
You can never simply cover all the corners and go to sleep. There are no absolutes. Linear/feed forward thinking of do/pay more/better to get more in not very effective. It’s about being smart, creating a system that will by design minimize certain problems (better than other problems).

So although you really want none of security issues to happen, you must get a very clear priority of things you want to prevent.

At cebelca.biz which is a local small business application the priorities are (from most important to least, number is the level of importance from 100 to 0):

100
A hacker gets to data of our users.
95
A hacker destroys the data of our users.
35
A hacker for noticeable period disables our service.
20
A hacker gets the source code of our application.

To me, our users data is of top priority, they trusted us with their data. And our source code… meh… capable developers want to code and design their solutions according to their ideas, not copy someone else’s stuff and get a outdated copy of something that already exists.