Not really weighing in on the making clothes analogy, but if you wanted a thermostat to control without the cloud. The Vera Lite controller can work independent of the Internet.
http://getvera.com/controllers...

While their site provides conveniences like easier connectivity without port forwarding, the entire setup can be done without any connectivity to their site. Then couple that with Z-Wave devices like this Honeywell Z-Wave Thermostat I looked up (I haven't used it, but have a Trane Z-Wave thermostat and a 2GIG Z-Wave Thermostat):
http://www.homedepot.com/p/Hon...

Personally, I've been writing my own node.js based z-wave controller using a Z-Wave USB stick plugged into a Raspberry Pi. But that's only by choice. I ran the Vera Lite for a couple years and it worked fine. Admitted, this is a 2 part solution, but the Vera Lite would be your Z-Wave controller for other devices such as light switches and such. For something you can buy at Lowe's or Home Depot:
http://www.lowes.com/pd_650029...

S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do by the way), they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintences sign each others keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CA's, cost of a certificate from a reliable CA is too high, or other factors usually centering around CA's.

The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.