Yeah. I don't think that couchdb does any sort of encryption either.
I am very uninterested in any sort of "cloud" backup scheme that does not
integrate encryption on the client side.
Why? (a person may ask) A few reasons. Whether or not a person should trust
a third party corporation is entirely up to debate... when the encryption
on the client side then it is not a matter of debate; whether you trust
them or not is irrelevant.
The other thing is that it makes storage side a lot cheaper and a lot
easier to implement. I don't have to worry so much about security... A
attacker could break the system and corrupt my data, but there is no
information leakage possible. So while things like TLS and hashing of the
data is important from a identity management and data integrity point of
view it is entirely unimportant to prevent things like identity theft or
whatever. The worst thing that could possibly happen is a DOS attack.
This makes things cheaper; I only have to keep a database of hashes and
check those periodically and authenticate writes, but reads can be done by
anybody and I wouldn't really care... so data preservation techniques like
"lots of copies all over the place" is easy to implement and can be spread
out over lots of organizations without having to care exactly what those
organizations are doing.
As you can imagine that if I was a third party provider of storage that
this sort of approach would massively reduce the amount of headaches I have
to deal with.