Personally I don't want to touch any device that is cloud based for several reasons. First sooner or later they will collect, use and sell your information. Second, at some point they may abandon your product or product version and brick your devices. Thirdly it is not really in their business interest to make your device/system secure possibly opening you up to a third party attack. There are exceptions, but generally that's the way it is. It's not personal, its business.
One reason I really like Indigo is that it doesn't need to be connected to internet, nor does it seem to send information to the cloud (if you could confirm that Mat. I haven't noticed any connection attempts beyond the license verification, which I allow). I also like that it runs on Mac, which is also (in my opinion) more concerned with privacy and security then many other vendors.
Either way, I still protect my network with a commercial grade firewall (Fortigate) and have my automation segregated (in to physically separate networks). Most of my automation devices are not smart enough to connect to the internet (by choice), but ones that are, do try to continuously reach the outside world. I can see my cameras trying to connect to servers around the world, especially china. My TV once connected tried to initiate a flurry of connections as does my Logitech harmony remote (both blocked). It doesn't have to be nefarious, but sometimes it is. I had one camera (since trashed) try to reach a known botnet.
The problem is that most people will not be able to take such measures to protect themselves, nor will many understand the need. People using Indigo is a self selected group of computer enthusiasts who are better able to secure their networks i think. I happen to be an electrical engineer and worked in the past in securing corporate networks, but even with my knowledge I know that what I'm doing is not a guarantee of privacy and security. Nor am I doing the maximum that I could. The problem is that security is a trade of and I'm no longer willing to live with the constraints of a highly secured network. I know that if someone with decent knowledge of network security and serious intent on compromising my system will do so. I just hope, that my security setup is good enough to prevent an average hacker from getting in and that I'm not interesting enough target for the advanced one to try.
My 2c