I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories.
If at this point, you still believe the NSA collecting private data is tin foil hat territory, I'm not sure exactly how to proceed. However, I'll assume you didn't actually mean that for purposes of the rest of the post.
Obviously you are concerned about your data being intercepted and stolen. Do you guys honestly think, for one second, that you can hide from these guys if they really want you?
OK, this statement really points out that you aren't involved in information security (at least in a serious capacity anyway). Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you? If you answer yes, then again we know you aren't involved in information security. So since the answer is no, what is your solution? Do you simply throw your hands in the air and say screw it? I cannot guarantee to stop them anyway, so let's just toss our firewall and anti-virus in the trash? No, of course not. Heck, even your sarcastic comment about a physically secured facility, in a Faraday cage, with no internet access cannot promise the information will be secure. A simple warrant, guys with guns, breaking down your door and taking the server easily gets around that.
Information security is about risk mitigation. What can you reasonably and responsibly do to ensure the security of your client information? It isn't about guaranteeing 100% security, as that is simply not possible (NSA or not). So there are standard industry best practices to mitigate against risks, even though that doesn't completely remove all risks. Such things include encryption, firewalls, anti-virus, IPS, DLP, etc, etc. Even if you do all of those things and more, that cannot promise 100% safety, but it does represent you doing your best to protect your clients' data and not just tossing your hands in the air and saying screw it.
This NSA (I use that as they are the largest, but mean it to encompass every alphabet agency from every country) threat isn't new obviously, but the scope and visibility of it is obviously much more obvious than ever. Thus responsible IT professionals will be talking about how best to responsibly do their jobs in this regard for quite some time. I'm sorry you don't like it, but it is a good thing. New best practices on how to combat and mitigate these risks will come from such discussions. There will never be a 100% fix, but these discussions will lead to solutions that help. Those of us who take our clients' information security seriously obviously love these discussions. I'm sorry for you (really more for your clients) if you don't want to hear about this, but it isn't going anywhere.