This is crypto 101, dayglo. If you manage your own keys, this isn't a problem, regardless of whose cloud you use.
Invest in a YubiKey, encrypt ALL of your disks (BitLocker works just fine), and it doesn't matter if your data is on your computer, a local NAS, on a floppy disk in a drawer, or on a DVD in a safe, if you own the key, they can't see your data. Period.
Well, yes of course, :-). Thats why Ive had PGP/GnuPG encryption on all my own computers since the 1996 or so. My personal data is encrypted everywhere, on the working disks, in the backups, etc. I take reasonable care to avoid writing unencrypted temp files while editing, all that stuff. Somebody would have to put an agent on my machine that can read live RAM to get at the unencrypted data. Meanwhile, the only thing thats changed over the years are the length of the keys (now at 4096) and the passphrases.
But you and I both know that that route isnt a viable option for the vast majority of todays computer/device users. So they rely on Apple to do the right thing.