Yeah, I get what you're saying but it's only a SPoF in the sense it is one company. However, not knowing is a feature, not a bug. We shouldn't know.

For example, I work in G IT and our vendors have to be FedRamp compliant. To get that certification, some of their systems can't touch, certain people cannot interact among teams, etc. We get these sort of setups for non-critical data to boot. For critical data, it can get even more stringent.  

 Totally agree I shouldn’t known but intend to assume that in the long run every SPOF is guaranteed failure but that’s because I’m a lawyer and all I think about is worst case scenarios day in and day out lol. Thanks for the thoughtful replies though it’s good stuff.