Hi there, saw your PM and thought I'd reply here instead of there...
I use Evernote for multiple things.
1) There's a newsletter I subscribe to, and I save all the little notes at the bottom that are mainly nice bits of further reading, or a list of things to think about. I use Printopia to "print" the articles that are linked in the newsletter to Evernote for later reading, and I use MacTubes to pull out any YouTube videos mentioned.
That same guy has a blog, and I save that in an additional notebook.
2) I save my class notes. I write my notes in a tiny notebook that I've been using for a year and a half now, and then I get up the next day and write them again in Evernote with proper formatting, tables, and all that nice stuff. I make note of all the videos our teacher showed us, and do the same thing as I do with the newsletter. I also pull stuff from Wikipedia and other sites with the "printer" that is briefly mentioned.
3) I have a notebook for inspiration, and then another for manuals (seemed like the best place to put those
). I also keep one for tutorials. Stuff on the internet is not really permanent, like in the sense that if you don't save it, you're going to have a hard time finding it down the road if all you have is a bookmark in Safari. So I have a lot of stuff in my Evernote account like that.
I'm not too worried about Evernote in general, but it was like the third or fourth account that was leaked in the last year. I'm very worried about identity theft at this point (I do keep an eye on my credit score though).
Since a lot of people mainly use it for educational purposes, it's not a big threat. No one wants to download a goldmine of 100TB of someone's lectures. The same thing with to-dos. I don't use Evernote for to-dos, but I know some people here might. The Smart Notebook they have is especially designed for that (I have yet to use mine though).
They have an API too, so I guess better encryption could actually hurt developers?
But yeah, I wouldn't worry too much. The service is getting better everyday, and I would still highly recommend it. If they see it as big of an issue, they'll up the security, which they have with the two-factor authentication for now.