
    This isn't a problem for the USER to solve. My problem is with the BUSINESS.

I did understand that you were talking about businesses, but I don't think that's a useful or necessary distinction. Businesses and users are both facing the same security problems. Businesses try to protect their proprietary data, their passwords, their sensitive information, but so are you and I. There's B2B services, and there's B2C services, and security revolves around the same question for both: can I offload some difficult aspect of my work without jeopardizing that work?

My disagreement was mostly with your suggestion that businesses should tell services to GTFO and develop those services in-house instead. I don't think that's a reasonable thing to ask of businesses: the ocean of sensitive data has become so incredibly wide (from passwords and PDFs to credit card info and blockchain keys) and deep (big data). It's not the 1920s anymore, which is why SaaS is such a vital part of modern business and why it is incredibly inefficient to have every company and user reinvent the wheel.

Just to give an example, my last gig and my current internship both run everything on Citrix thin clients. Is that safe enough? Maybe not.... Should hundreds if not thousands of companies develop their own OS-integrated remote client solutions just so they have their data back in control? I don't think so.

SaaS is pretty much unavoidable these days even though its incentives are misaligned. My solution, for both users and businesses, is to be way more strict about security in what kind of services they demand. To vote with their wallet and pick the more expensive, more secure option over the bargain hacked-together startup solution. I think that's a much more attainable goal for security problems, even though it will never be a perfect option.