Adobe lecturing anyone on security?
I must have imagined all those flash vulnerabilities.
Is iCloud encrypted under the consumer's key? That seems like the smart thing to do.
No, that is absolutely not the smart thing to do. Brute force attacks on the key are throttled by the phone hardware, but there would be no throttling on internal iCloud attacks on that same key. Not only could a government get your data from the cloud but it then has the key for anything you didn't backup to the cloud.
Presumably attacks within the cloud could normally only be performed by government agencies, and I guess its is slightly better that your naked selfies be accessible to only the government than available to any skilled hacker.