Ars Technica:

Ars recently attempted to delve into the inner workings of the security built into Apple’s iCloud service. Though we came away reasonably certain that iCloud uses industry best practices that Apple claims it uses to protect data and privacy, we warned that your information isn’t entirely protected from prying eyes. At the heart of the issue is the fact that Apple can, at any time, review the data synced with iCloud, and under certain circumstances might share that information with legal authorities.

It’s a a good article and should be read by anyone who uses iCloud but the bottom line is, if you didn’t encrypt it yourself, it can be vulnerable to others.