In your safety statement, you can read:
Salesforce.com uses some of the most advanced internet security technologies available today.
When you read the rest of the article, nothing really shows what this statement is. Using SSL is very common, like this "most advanced"? What proves that their server follows best security practice, as this story shows that even a specialized security company does not follow them?
So, how do you get insurance that their code is really reliable? What tools? If you use these tools to fake attacks, they can strike back, for example, so it's not very practical.
This is not aimed especially at salesforce, it is a more general question about SAAS or PAAS. If you use such services to integrate with your site, how can you ensure the correct security processing, knowing that you cannot only trust claims? This is a big question that you need to answer corporate governance when you choose this solution. How can you answer if they need evidence?
source
share