I’ll include the entire response below.
Matt Cutts

We recognize that our continued success is based on earning – and keeping – our users’ trust. There’s a distinction to be made between who can access user data stored in our web apps because the user wants them to and who can access this data without the user choosing to make it available. Many users who use calendar share information with others in their lives—e.g., I share my work travel calendar with my partner. These collaborating and sharing functionalities represent a benefit of cloud computing that’s important to our users and central to why we built Calendar the way we did. As long as access to user data is driven by a user choosing to share it, such access respects privacy concepts of user control. But then there’s the question of unauthorized data access or exposure through security breaches/leaks and through law enforcement requests.

With respect to security:

- In general, hosted software is reliable, safe, and secure. Where we’re at now in terms of people trusting online applications is about where we were when people started realizing that their money was safer in a bank than under their mattress. We and all providers of hosted software services have extensive policy and procedure in place to ensure the highest levels of data availability and protection.

- Product security is a very important factor in the design and development of products and services at Google. We strive to create innovative products that serve our users’ and customers’ needs and operate in their best interest. This includes our commitment to providing products that do not expose users and customers to undue security risk.

- An important factor in our approach to security is our view that security engineering as an ongoing process of risk management that requires the cooperation of everyone involved in the design, development, delivery and operation of our products and services. In our experience, processes where security is “done” only by a security team are not scalable and tend to be ineffective. We strive to integrate security into the overall product development process and are constantly developing increasingly sophisticated measures and continually monitor and update our products and services. Some examples of our security processes include coding style reviews for our engineers, and peer code reviews to ensure high quality code. We also continually look for ways to automate tools or processes to further reduce the need for even this limited set of people to view systems with personal information.

- For example, for Gmail, a very small set of Google employees interact with user data. In order to have access to user data at Gmail, employees must agree to additional restrictions designed to protect our users’ privacy. For example, our internal user data access agreement explicitly mentions that Google employees are not allowed to try to access data on any public figure, any employee at a particular company, or any acquaintance. To do so would be grounds for immediate termination. So for the case that you’re worried about (running a start-up using Google’s tools), we have mechanisms and policies in place that specifically protect your privacy in that situation. We are also continually looking for ways to automate tools or processes to further reduce the need for even this limited set of people to view systems with personal information.

- We use the web apps we develop (Gmail, Calendar, Docs & Spreadsheets, etc.) ourselves as Google employees—all 10,000 of us. If Google designs these authentication systems to be large enough for our own needs that’s probably the best recommendation we can give to our users about the security of these systems, since lots of confidential information passes through them every day. In addition, our campus doctors store their information, so we have HIPAA-controlled data stored in our system.

- It’s also important to point out that, in some ways, keeping confidential or personal information “in the cloud” presents less risk than housing it on your laptop, since laptops get stolen and such thefts have been a source of major data leaks for many organizations. For example, there’s a recent story of a computer theft at a financial services company which revealed strategy plans that the CFO was working on from her laptop.

I don’t think any other webmail compares to Gmail.
Reader is among the best feed readers out there (though the limitations of the interface are starting to get to me).
I would be using GrandCentral, but I found out about it just before they bought it, and routing my calls through them seem like a very, very bad idea.
Google Calendar, Google Analytics, Google Groups, Google Earth & Maps (I really was not happy about Street View)…

But they’re very, very good at what they do. Though I’m hearing some rumbles that, not only have consumers reached a Google saturation point, but that Google might have also peaked in terms of finding talent (mind you, not very reputable sources).

but i ain’t worried about google anymore john… that’s *so* last year. nowadays, i worry about Facebook & how much power i’m giving to all the crazy Facebook apps i run.

on to bigger & better worries!

- dave mcclure
http://500hats.typepad.com/

I’d really appreciate some decent competition, however. So I _could_ focus more on intangibles.