I go under the assumption that if I'm not the one generating and providing the encryption keys (and really, pre-encrypting the data), absolutely nothing is secure/encrypted. And in all honesty, if it touched the internet, it's already insecure to some extent.
It's been "fun" to read Jewel vs. NSA proceedings, press statements, and officials' statements about these issues because of the extent to which they play word games to technically not lie according to specific (re)definition of words.
Why stop there? If you're not root, you're not secure either. For example, if someone else is root, they can do whatever they want with your locally generated keys, upto and including sending them to the NSA with a little bow on top.
Even if you are root it's no guarantee, thank you rootkits :/
As with all things security, sometimes it comes down to trust and legal protections.
It's been "fun" to read Jewel vs. NSA proceedings, press statements, and officials' statements about these issues because of the extent to which they play word games to technically not lie according to specific (re)definition of words.