for every time some one told me that their on-premise is more secure than cloud. To be very fair, the first thing you should look at it is where your security risks, threats, and exploits are arising. If we look at most security failures its almost exclusively due to disgruntled current or former employees within the IT organization or misconfigured external-facing software that is easily broken into. While yes the Chinese, North Koreans, or NSA are probably trying to hack the AWS, Azure, SoftLayer, and Rackspace clouds where is the likelihood of failure, a disgruntled employee walking out with data or one of the above attacking a large cloud provider.
This really akin to the argument of local gun control versus a terrorist threat. The terrorist threat is absolutely a scarier and much large potential loss, but more likely then not if you have a gun in your house - you are much more likely to be killed with it.
So it comes down to the following: would you rather be checking for a very large threat that impacts not just your organization, but many others and the solvency of an Amazon, IBM, Microsoft or Rackspace or would you rather be doing it all yourself in a very small environment that is much less a target likely much easier to penetrate especially by internal employees. BTW, last time I checked you get a bill when you try to move data out of S3 so you have trail whereas someone can stick a USB drive directly on your server and walk out.