It sounds like you're using a crappy vendor. We have a bunch of gear at Rackspace and I have to sign legal waivers when I access certain features of their portal such as the firewall management section. They have never assured me that our systems are secure given I have enough access to make things incredibly insecure.
Due to the nature of the data that we're working with we are legally obligated (PCI, HIPAA, etc.) to care about it being secure. If something does happen we are required to report a breach and can be fined by the government. We can't simply point to the vendor. Rackspace partners with companies such as Alert Logic (threat/vulnerability management), Imperva (traffic analysis, dynamic ip blocking, etc.) and Vormetric (data-at-rest encryption) in order to help us secure our environment.