Re: "key server under the customer's control"
[replying to my own post - bad form, I know...] - making a valid point though :-)
I'd say to an extent it puts some things where they belong; security of customer data should at least in part be the responsibility of the customer.