It's Apple's fault. They abandoned principled security a long, long time ago if you were paying attention. Chinese iCloud users have no protection against state-authorized backdoors since Apple removed the hardware security modules[0] that protect user encryption keys (at the PRC's request). Apple doesn't care about protecting their users above and beyond the reach of the state, state surveillance is an inevitability.

When you start down a slippery slope like this, you burn trust and make people demand transparency. It's impossible for me to say that I'm any more secure as an American user - no trusted third-parties actually audit Apple's American iCloud servers for such backdoors. Users trusting Apple for security are (unfortunately) fish in a barrel, same as ever.

[0] https://www.nytimes.com/2017/07/12/business/apple-china-data...