I attended the tech details IO session (https://developers.google.com/events/io/sessions/gooio2012/313/ - as of this writing, the video isn't up yet), and they said the encryption keys don't leave the server where the data resides.
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
Having blowfish support available is useless unless it is the default since most people won't change it.
If this is a good law in theory, then what is your stance on the citizens of the USA's right to bear arms?
The first link in the story is the human-readable changelog.
The instance and bandwidth expenses are garbage compared to AWS.
True, but on app engine you don't have to worry about scaling, licenses, upgrades, etc. This is worth the extra cost to some.