The truth is, Slavik’s article has great advice for anyone considering hosting their application with any third-party provider. When you don’t own the infrastructure, you lose some control no matter how the service is marketed. Cloud providers recently seem to be under tighter scrutiny for security, as if renting bare-metal (or virtualized) servers from a Rackspace or Savvis is any different; the burden is always on the customer to demand proof of good ITIL processes and secure infrastructure configuration and operations. When it gets down to it, if a customer does not have the sense to firewall a physical, virtual, or “cloud,” server exposed to the Internet, for example, they’re asking for trouble through no fault of the provider.
I’d encourage everyone to read this article and think about any third-party hosting provider be they cloud, virtual, or traditional bare-metal.