I'm talking about actual information about what Google does with their data.
The cost-benefit analysis and risk tolerance doesn't tell us about how much Google secures their privacy, it tells us about how much the company cares about their privacy/security.
Beyond that, it's a trust and a penalties-for-violating-policy exercise.
And I agree with you: you can probably tell volumes about how much a company cares about the risk factors based on who they trust. But I don't generally think companies are being ignorant placing their chips on Google---it's a big org with a lot to lose if something goes wrong. That gives it advantages over either smaller competitors or rolling one's own (factoring in that to match the security of a dedicated service's cloud offering while approaching the convenience of such an offering, you basically have to hire your own full-attack-surface-spectrum infosec team, and that's one more line item in a small company's budget).
The cost-benefit analysis and risk tolerance doesn't tell us about how much Google secures their privacy, it tells us about how much the company cares about their privacy/security.