There are a number of problems with how data centers make these statements and how people interpret them.
The main problem is that people say things like "SAS70 Certified". That is terribly bad wording. There is no such thing. The SAS70 (now SSAE16 or SOC1 report) is not a certification. There is no preset/predetermined criteria that is universal to all companies that receive such a report. Each report is specific to that particular company/data center. It's almost like saying I have a diploma as an independent study major.
The next thing is that these reports are not intended for public use. These are auditor-to-auditor reports. They are meant for the auditor of a company that uses said data center (or other service provider) to rely on, so that the auditor does not need to audit the data center itself. That is why auditors review these reports: to make sure the report contains the provisions they are looking for. Otherwise, they're going to go in and audit the data center.
Companies that get such reports tend to use them as a marketing tool to show potential customers, when that isn't the purpose. To reduce some blame, I've known auditors guilty of telling data centers that they can do that so that they could convince the data center to pay for the service.
Also, SAS70 was designed to reflect controls at a service provider that impact or relate to the processing of financial data, which would have an effect on the financial statements that the auditor is reviewing. Most data centers don't process data (the customers that host stuff there do, and they need the SAS70). However, over the years, people have convinced themselves that because the data physically resides at the data center, they impact the financial statements and so they should get a SAS70. This is, however, not really true, since with good security controls around the data, the physical hosting of it won't materially misstate the financials. It was for this reason that the AICPA split the old SAS70 into 3 separate services: SOC 1 (SSAE16), which is what the old SAS70 was meant to be, SOC 2, and SOC 3. The latter 2 are geared more toward data centers and technology firms that don't impact financial data.
The seals that are issued by the AICPA just state that you've had a report done. They do not speak to the content of the report. I could get a SOC report that just says "All employees are entitled to free breakfast". The auditor I hire will come in and test/verify that and then will sign off saying that they agree. I now have such a report and can boast "SAS70 Certified" everywhere, which doesn't mean squat.
It only matters to the company itself, the company that uses their services (depending on context), and the auditors of the company that uses their services.