Shouldn't we just assume that anything we upload to the cloud could be made public? Either through a hack, an employee, a misconfiguration, etc. If something is sensitive enough that you don't want it public it probably shouldn't be in the cloud, period. Regardless of what the default visibility is.
e: On second thought there probably are exceptions - I'm not worried that something backed up to Backblaze will be leaked, for example. But a random flash card app? I'd assume that info is public. Maybe I'm just paranoid.
I am no security professional, but from what I have read, probably.
This is why it's important for things like password managers, personal documents, etc. to be encrypted client side if backed up or hosted somewhere on another machine that isn't yours.
A good line that I've seen people use on this forum: "the cloud is just somebody else's computer".
e: On second thought there probably are exceptions - I'm not worried that something backed up to Backblaze will be leaked, for example. But a random flash card app? I'd assume that info is public. Maybe I'm just paranoid.