Wow, imagine a Beowolf Cluster of these!
I have to agree. You can't build a system that isn't ever going to be hacked. You can build a system using the best available practices that is very difficult to hack and put the most effective system possible in place to detect hacking attempts as early as possible. To a large extent, it seems that they did a respectable job in both respects. I'm sure that they can make improvements and will learn lessons from this. They are a well capitalized company and it is absolutely vital that they maintain credibility in this respect. The value of their service diminishes greatly if it is not secure. They simply can't be seen as ineffective in this matter.
I am especially impressed that they obviously had an effective plan together to quickly update client applications in the event that something like this happened. They pushed out updates for IOS and Android very quickly. They even updated Penultimate which was only recently integrated into Evernote. It seems like they had their act together as far as that was concerned.
They obviously need to stay on top of this game. I'd like to see two factor authentication and better not encryption options. I have my concerns about using Evernote, but I am still a pretty heavy user with over 6000 notes. So far, the benefits outweigh the risks. From what I have learned about this incident so far, I don't think that my appraisal of the cost and benefit will tip the other way. I hope that it stays that way because we don't learn anything new about this incident that seems careless or irresponsible, and because they continue to develop the product and improve the security.