Yes-ish. When you're making broad "trust us" claims to consumers - who don't know the industry or its practices, let alone the technical details - then the really honest approach is to follow those consumer's understanding of your promises.

Otherwise, they might end up feeling that they were duped by the weasel-words of a sleazy lawyer.

Maybe some might feel that way at first, but it’s also an opportunity and responsibility to educate.

This problem is why enterprise contractual agreements and large compliance systems exist for companies at this scale. Large hosting providers like AWS, Azure, GCP, etc. provide an ability to scale and assurances about risk mitigation, privacy, and availability that are much more viable than each company having to maintain their own private in-house fleets just to create an additional illusion of privacy/security that’s actually no better than tight contractual controls to begin with.

Maybe they need to explain this properly, but servers don’t magically have a lower level of risk just because they’re behind your four walls. In fact, if you lack the experience and expertise, the risk is almost certainly higher depending on your threat model. (And for Apple, their threat model is at the nationstate level. They don’t choose their hosting providers lightly.)