When you read the rest of the article nothing really shows that this claim. Use of SSL is very common how is this “most advanced”? What proves that their server follows best security practice as this story reveals even a specialized security company doesn't follow them?
So how do you get insurance that their code is really robust? What tools? If you use these tools to fake attacks they may retaliate for example so it's not very practical.
This is not targeted especially at salesforce this is more general question about SAAS or PAAS. If you use such services to integrate with your site, how can you ensure that the security is handled correctly knowing that you cannot trust only claim ? This is a big question you need to answer Corporate Management when you choose such solution. How can you answer if they want proofs ?