How can you trust any SaaS claims? Leave their security ones.
I think it boils down to trust and marketing. In the end, since the software is not hosted on our servers, we don't know for sure if they really are secure. We can't force guys like SalesForce to make guarantees either. I would love to see a third party website that reviews all these SaaS applications and report on their downtime, security, issues, etc.