Simon, I guess here's my argument as well. On a locally installed instance I can firewall the heck out of the server to only my IP address is, and other various security measures like that.
If I posted in the cloud on the shared server, I would suspect that has to be more wide open to the world because you don't know where all people will be accessing the server is from. Is this a. Incorrect assumption? I would also assume that on the cloud system all data is stored in one master database which if it were hacked for some reason would allow access to everyone's data as opposed to only a subset on the hacked system.
