From the Apple support document online:
Encrypting content that is stored in iCloud
Apple encrypts data that is stored to deliver the iCloud service. Encrypted data includes:
- Photos in your Photo Stream
- Documents in the Cloud
- Backup data for your iOS device
- Location data for Find My iPhone, iPad, iPod touch, and Mac
- Location data for Find My Friends
Use of Secure Tokens for Authentication
When you access iCloud services using Apple’s built-in apps (for example, Mail, Contacts, and Calendar on iOS 5, and Mail, Address Book, and iCal on OS X Lion), authentication is done using a secure token. Using a secure token eliminates the need to store your iCloud password on devices and computers.
See for more: http://support.apple.com/kb/HT4865
I agree wholeheartedly with your concern, though mine is not primarily for evil people at Apple but for Apple being too willing to comply with a government request for info as was done by the Bush administration with cell phone companies after 9/11. The security mentioned by lesposen and churchill is nice but as long as the host of the data also has access it's not really secure or private. I also don't like what large companies do with my surfing habits, download choices, etc. I know there is a common belief that if you don't do anything wrong you have nothing to worry about, but that is really naive, in my opinion. As one small example, look at the number of people whose lives were ruined during the McCarthy era for doing absolutely nothing wrong. I will probably sign up for the service anyway knowing that I can't rely on the privacy of it and acting accordingly.
Thank you, lesposen, for the link. This article says that the data is encrypted when stored in iCloud, however, it does not describe how exactly it is encrypted and who has access to the key for its decryption. Without that information, stating that the data is encrypted when stored is in fact rather meaningless.
I suspect we will learn more about iCloud and privacy isssues in two weeks at WWDC where the money is betting Apple will give time over to its cloud capabilties and integration with various existing and perhaps new apps. I suspect if it does security will be one of the issues discussed, given general community concern as well as the move to eHealth and iPad usage there in medical/hospital settings. HIPAA and other US laws will be a driving force behind all cloud based initiatives boosting security.