I think that's a reasonable risk considering one can have an offline backup AND it's still better than handing the key out like candy, assuming the service is trustworthy.