Valid point. Conversely though (I'm probably oversimplifying here), wouldn't this require some sort of secret instructions in the encryption software to send the user's key to HQ? Wouldn't said transmission be detectable by logging traffic from the encryption program? Granted, many won't do that, but it would only take one person sniffing packets on their machine to reveal it.
The password would be a number of bytes. They could easily use steganography and hide it in an upload or download of the file. Or have an update that would weakly encrypt the data, or encrypt and decrypt with a key known to them, making it trivial to retrieve the data.
Without the source, their security is meaningless. You've just given a closed source application access to the network, and to your files. You've already lost the game.
Edit: Thinking about it, this is the real problem with encryption: the good is the enemy of the perfect. A 90% solution is worse than a half-assed one, because you know not to trust the bad solution.
You only need to transmit the key once, and the timeframe for that is anytime between installation and the first request of the NSA.
That is a lot of regular ping messages, directory listings and software updates that can be overlooked in that period.
As another commenter pointed out, you voluntarily give the password if you use the web UI. Probably the same if you use a mobile client. So there is built-in room for honest mistakes in their service definition.
So basically, you still need to trust a third party, and looking at the recent news, they are really out there to get you.
Another thing that nobody is talking about, and at the heart of the internet: what about all those SSL certificates?