Bingo. Zero knowledge encrypted storage service providers of pretty much any stripe all suffer from the same flaw:
You are trusting them to provide you the software you are entering your decryption keys into when its time to decrypt anything.
How do you that software doesn't send them the keys? You don't.
Even if it doesn't, today, and they send you an udpate, how do you know the update doesn't send them the keys? You don't.
It fundamentally requires that you trust them not to steal your keys, and that you continue to trust them each time you visit their site / or update the client.
Your best solution to achieve real security is to use one provider for storage (doesn't really matter who...dropbox or google or use the NSA directly if you like), and do the encryption and key management yourself; ideally using audited open source code.
Nothing is perfect, even this. And I could go on and on about how to further mitigate risks to your client side solution. But its a lot better than simply trusting your storage provider.